Lucene search
K

191 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:51 a.m.9 views

CVE-2022-45373

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...

9.8CVSS8.9AI score0.00517EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:33 a.m.7 views

CVE-2022-4310

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs...

6.1CVSS6AI score0.00642EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 a.m.4 views

CVE-2015-9273

The wp-slimstat aka Slimstat Analytics plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking...

6.1CVSS6.1AI score0.0133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:26 p.m.10 views

CVE-2022-45366

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.4 versions...

7.1CVSS5.8AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:25 a.m.11 views

CVE-2024-9548

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated...

7.2CVSS6.1AI score0.00496EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.21 views

CVE-2023-33994

Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through = 5.0.5.1...

6.5CVSS0.00487EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.4 views

CVE-2023-33994

Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through = 5.0.5.1...

6.5CVSS5.8AI score0.00487EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.18 views

CVE-2023-33994 WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through = 5.0.5.1...

6.5CVSS0.00487EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.13 views

CVE-2023-33994 WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through = 5.0.5.1...

6.5CVSS7.3AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:23 p.m.44 views

CVE-2023-33994

CVE-2023-33994 affects the WordPress Slimstat Analytics plugin, specifically versions up to and including 5.0.5.1. The root cause is a missing authorization check leading to Broken Access Control. The Patchstack entry confirms the vulnerability, with exposure under the plugin’s access control, an...

6.5CVSS7.1AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

WordPress plugin Slimstat Analytics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

6.5CVSS7.2AI score0.00487EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.4 views

PT-2024-12454 · Unknown · Slimstat Analytics

Name of the Vulnerable Software and Affected Versions: Slimstat Analytics versions 5.0.5.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Slimstat Analytics...

6.5CVSS7.7AI score0.00487EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/14 11:29 p.m.19 views

CVE-2024-9548 Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated...

7.2CVSS0.00496EPSS
Exploits0References3
OSV
OSV
added 2024/10/14 11:29 p.m.12 views

CVE-2024-9548 Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated...

7.2CVSS6.1AI score0.00496EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/14 11:29 p.m.15 views

CVE-2024-9548 Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated...

7.2CVSS6.1AI score0.00496EPSS
Exploits0References3
CVE
CVE
added 2024/10/14 11:29 p.m.56 views

CVE-2024-9548

CVE-2024-9548 affects the SlimStat Analytics WordPress plugin (versions up to and including 5.2.6). The issue is a stored cross-site scripting (XSS) vulnerability via the resource parameter, caused by insufficient input sanitization and output escaping when logging visitor requests. Consequence: ...

7.2CVSS6.1AI score0.00496EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:2 p.m.4 views

WordPress Slimstat Analytics plugin <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Bilal Chawich Duke in WordPress Plugin Slimstat Analytics versions = 5.2.6...

7.2CVSS5.8AI score0.00496EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.4 views

WordPress plugin Slimstat Analytics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS5.8AI score0.00496EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.14 views

WordPress Slimstat Analytics Plugin <= 5.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.2.6 Fixed in 5.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9548 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 36cf28244951 Credits Bilal Chawich...

7.2CVSS5.6AI score0.00496EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/02/02 5:15 a.m.18 views

CVE-2024-1073

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...

6.4CVSS5.7AI score0.00452EPSS
Exploits0References3
Rows per page
Query Builder