248 matches found
Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...
EUVD-2026-37670
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-54818
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
EUVD-2026-37705
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
CVE-2026-27410
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-27410 WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-27410
CVE-2026-27410 concerns WordPress Slimstat Analytics plugin prior to 5.4.0, with unauthenticated deserialization of untrusted data exposed by versions
CVE-2026-7634
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by mcdruid in WordPress Plugin Slimstat Analytics versions 5.4.0...
WordPress SlimStat Analytics plugin <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.4.11...
EUVD-2026-32729
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-7634 SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-7634
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-7634 SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress plugin SlimStat Analytics 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-44203
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-1238
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' fingerprint parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress SlimStat Analytics plugin <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'fh' vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.3.5...
EUVD-2026-13043
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' fingerprint parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...