Lucene search
K

191 matches found

CVE
CVE
added 2023/01/09 10:13 p.m.78 views

CVE-2022-4310

CVE-2022-4310 concerns the Slimstat Analytics WordPress plugin before 4.9.3. The issue is failure to sanitise/escape the URI when logging requests, allowing unauthenticated attackers to perform Stored XSS against logged-in admins viewing the logs. Documents cite a CVSSv3.1 base score of 6.1 (Medi...

6.1CVSS5.9AI score0.00642EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/01/09 10:13 p.m.25 views

CVE-2022-4310 Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs...

6.1CVSS6.4AI score0.00642EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/01/09 10:13 p.m.22 views

CVE-2022-4310 Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs...

6.1AI score0.00642EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.6 views

PT-2023-14176 · WordPress · Slimstat Analytics

Name of the Vulnerable Software and Affected Versions: Slimstat Analytics WordPress plugin versions prior to 4.9.3 Description: The issue allows unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged-in admins viewing the logs, due to the plugin's failure to...

6.1CVSS6AI score0.00642EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.6 views

WordPress Plugin Slimstat Analytics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS5.9AI score0.00642EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/12/19 12:0 a.m.19 views

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs PoC As an unauthenticated user, open the following URL https://example.com/?s=" The XSS will b...

6.1CVSS0.8AI score0.00642EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.382 views

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs As an unauthenticated user, open the following URL https://example.com/?s="alert/XSS/ The XSS...

6.1CVSS0.1AI score0.00642EPSS
Exploits2
OpenVAS
OpenVAS
added 2019/09/16 12:0 a.m.24 views

WordPress Slimstat Analytics Plugin < 4.8.1 XSS Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

6.1CVSS6.4AI score0.01046EPSS
Exploits0References2
Patchstack
Patchstack
added 2019/07/10 12:0 a.m.9 views

WordPress Slimstat Analytics plugin <= 4.8.3 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities

Cross-Site Request Forgery CSRF to Stored Cross-Site Scripting XSS + Setting Updates vulnerabilities found in WordPress Slimstat Analytics plugin versions = 4.8.3. Solution Update the WordPress Slimstat Analytics plugin to the latest available version at least 4.8.4...

2.6AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/12/05 12:0 a.m.72 views

Slimstat Analytics Plugin for WordPress < 4.7.1 PHP Object Injection

According to its self-reported version, the Slimstat Analytics Plugin for WordPress running on the remote web server is prior to 4.7.1. It is, therefore, affected by a PHP object injection vulnerability. An authenticated, remote attacker can exploit this issue to inject PHP objects and execute...

6AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2015/07/26 12:0 a.m.18 views

WP Slimstat <= 4.1.5.2 - Referer Header Cross-Site Scripting (XSS)

The Slimstat Analytics WordPress plugin was affected by a Referer Header Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.1AI score0.0133EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder