191 matches found
CVE-2022-4310
CVE-2022-4310 concerns the Slimstat Analytics WordPress plugin before 4.9.3. The issue is failure to sanitise/escape the URI when logging requests, allowing unauthenticated attackers to perform Stored XSS against logged-in admins viewing the logs. Documents cite a CVSSv3.1 base score of 6.1 (Medi...
CVE-2022-4310 Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS
The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs...
CVE-2022-4310 Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS
The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs...
PT-2023-14176 · WordPress · Slimstat Analytics
Name of the Vulnerable Software and Affected Versions: Slimstat Analytics WordPress plugin versions prior to 4.9.3 Description: The issue allows unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged-in admins viewing the logs, due to the plugin's failure to...
WordPress Plugin Slimstat Analytics 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS
The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs PoC As an unauthenticated user, open the following URL https://example.com/?s=" The XSS will b...
Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS
The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs As an unauthenticated user, open the following URL https://example.com/?s="alert/XSS/ The XSS...
WordPress Slimstat Analytics Plugin < 4.8.1 XSS Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress Slimstat Analytics plugin <= 4.8.3 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities
Cross-Site Request Forgery CSRF to Stored Cross-Site Scripting XSS + Setting Updates vulnerabilities found in WordPress Slimstat Analytics plugin versions = 4.8.3. Solution Update the WordPress Slimstat Analytics plugin to the latest available version at least 4.8.4...
Slimstat Analytics Plugin for WordPress < 4.7.1 PHP Object Injection
According to its self-reported version, the Slimstat Analytics Plugin for WordPress running on the remote web server is prior to 4.7.1. It is, therefore, affected by a PHP object injection vulnerability. An authenticated, remote attacker can exploit this issue to inject PHP objects and execute...
WP Slimstat <= 4.1.5.2 - Referer Header Cross-Site Scripting (XSS)
The Slimstat Analytics WordPress plugin was affected by a Referer Header Cross-Site Scripting XSS security vulnerability...