15 matches found
CVE-2025-15055
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-4597
The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2019-15112
The wp-slimstat plugin before 4.8.1 for WordPress has XSS...
CVE-2015-1204
Cross-site scripting XSS vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...
CVE-2023-4597 Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2019-15112
The wp-slimstat plugin before 4.8.1 for WordPress has XSS...
WordPress WP Slimstat 'wp-slimstat.php' plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WP SlimStat is one of the real-time statistical analysis plugin. A cross-site scripting vulnerability exists in the...
WordPress Slimstat Plugin <= 4.1.5.2 - Cross Site Scripting
This plugin is prone to a referer header cross site scripting vulnerability. Solution Update the plugin...
WordPress Slimstat Plugin <= 3.9.5 - SQL Injections
This plugin is prone to weak cryptographic keys leading to SQL injections. Solution Update the plugin...
WordPress plugin WP Slimstat 'wp-admin/admin.php' cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the WordPress plugin WP Slimstat 'wp-admin/admin.php', which can be exploited by an attacker ...
WordPress Slimstat Plugin SQL Injection
An SQL injection vulnerability has been reported in Wordpress Slimstat Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Sites Vulnerable to Plugin-Related SQL Attacks
More than one million WordPress sites may be vulnerable to a critical plugin issue that could open sites up to SQL injection attacks and in turn, total takeover. The problem stems from a weak key vulnerability in WP-Slimstat, a web analytics plugin for the content management system that’s been...
CVE-2015-1204
Cross-site scripting XSS vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...
Cross site scripting
Cross-site scripting XSS vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...
CVE-2015-1204
Summary: WP Slimstat for WordPress is affected by a Cross-Site Scripting (XSS) vulnerability in the Save Filters functionality. The issue allows an attacker to inject arbitrary script or HTML via the fs[resource] parameter on the wp-slim-view-2 page (to wp-admin/admin.php). Affected versions: bef...