191 matches found
Cross site scripting
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...
CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...
CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...
CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...
CVE-2024-1073
The CVE-2024-1073 entry concerns the SlimStat Analytics WordPress plugin (versions up to 5.1.3). The root cause is insufficient input sanitization and output escaping in the filter_array parameter, enabling stored Cross-Site Scripting. Authenticated attackers with subscriber-level access and abov...
WordPress plugin SlimStat Analytics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
SlimStat Analytics < 5.1.4 - Subscriber+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter due to insufficient input sanitization and output escaping, allowing any authenticated users, such as subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses...
PT-2024-16492 · WordPress · Slimstat Analytics
Name of the Vulnerable Software and Affected Versions: SlimStat Analytics plugin for WordPress versions up to, and including, 5.1.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
WordPress Slimstat Analytics Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Slimstat Analytics Type Plugin Vulnerable versions = 5.1.3 Fixed in 5.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1073 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d8755898281f Credits Lucio Sá Requir...
CVE-2022-45373
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...
CVE-2022-45373
The CVE-2022-45373 entry affects the WordPress Slimstat Analytics plugin (vulnerable: 5.0.4, specifically 5.0.5 per Patchstack. Exploitation details are not described in the provided documents; no in-the-wild exploit status is stated. Other connected records corroborate the SQL injection vulnera...
CVE-2022-45373 WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...
CVE-2022-45373 WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...
CVE-2022-45373 WordPress Slimstat Analytics plugin <= 5.0.4 - SQL Injection (SQLi) vulnerability
A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through = 5.0.4...
PT-2023-14660 · Unknown · Slimstat Analytics
Name of the Vulnerable Software and Affected Versions: Slimstat Analytics versions n/a through 5.0.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...
WordPress Plugin Slimstat Analytics SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Slimstat...
WordPress Slimstat Analytics Plugin < 5.0.10 SQLi Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wp-slimstat:slimstatanalytics"; ifdescription...
CVE-2023-4598
The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sql injection
The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...