CVE-2026-7634

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

EUVD-2026-32729

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

WordPress Element Pack Elementor Addons Plugin <= 5.4.11 is vulnerable to Broken Access Control

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.4.11 Fixed in 5.4.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24840 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 61b5b426744b Credits Khalid Yusuf...

WordPress 5.4.x < 5.4.11 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A SQL injection vulnerability within the Link API. - A Cross-Site Scripting XSS vulnerability on the Plugins screen. - An output escaping issue within themeta. Note that t...

LiteSpeed Web Server Enterprise 5.4.11 Command Injection

Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...