CVE-2026-1238 SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' fingerprint parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-40676

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.8 versions...

PT-2025-52436

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2022-45366

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.4 versions...

CVE-2023-33994 WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through = 5.0.5.1...

WordPress plugin Slimstat Analytics SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

CVE-2022-45366

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.4 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.4 versions...

CVE-2022-45366

CVE-2022-45366 – WordPress Slimstat Analytics (plugin)

Slimstat Analytics Plugin for WordPress < 4.7.1 PHP Object Injection

According to its self-reported version, the Slimstat Analytics Plugin for WordPress running on the remote web server is prior to 4.7.1. It is, therefore, affected by a PHP object injection vulnerability. An authenticated, remote attacker can exploit this issue to inject PHP objects and execute...