Lucene search
K
Wp-slimstatSlimstat Analytics

11 matches found

CVE
CVE
added 2023/03/20 3:52 p.m.108 views

CVE-2023-0630

The Slimstat Analytics WordPress plugin (pre-4.9.3.3) is vulnerable to SQL injection via shortcodes that concatenate attributes directly into SQL queries. Root cause: improper handling of shortcode attributes allows crafting queries that reach the database (CWE-89). Impact per sources: potential ...

8.8CVSS8.9AI score0.05141EPSS
Web
CVE
CVE
added 2023/08/30 1:45 a.m.83 views

CVE-2023-4597

Summary: CVE-2023-4597 affects the WordPress plugin Slimstat Analytics (versions ≤ 5.0.9). The root cause is insufficient input sanitization and output escaping on attributes used by the slimstat shortcode. Impact: authenticated attackers with contributor-level permissions can trigger a Stored Cr...

6.4CVSS5.3AI score0.00576EPSS
CVE
CVE
added 2023/01/09 10:13 p.m.77 views

CVE-2022-4310

CVE-2022-4310 concerns the Slimstat Analytics WordPress plugin before 4.9.3. The issue is failure to sanitise/escape the URI when logging requests, allowing unauthenticated attackers to perform Stored XSS against logged-in admins viewing the logs. Documents cite a CVSSv3.1 base score of 6.1 (Medi...

6.1CVSS5.9AI score0.00642EPSS
Web
CVE
CVE
added 2023/11/06 7:50 a.m.77 views

CVE-2022-45373

The CVE-2022-45373 entry affects the WordPress Slimstat Analytics plugin (vulnerable: 5.0.4, specifically 5.0.5 per Patchstack. Exploitation details are not described in the provided documents; no in-the-wild exploit status is stated. Other connected records corroborate the SQL injection vulnera...

9.8CVSS8.9AI score0.00517EPSS
CVE
CVE
added 2023/10/20 6:35 a.m.65 views

CVE-2023-4598

The CVE-2023-4598 entry affects the WordPress Slimstat Analytics plugin, with vulnerable versions up to 5.0.9. The root cause is insufficient escaping on user-supplied parameters in the plugin’s shortcode, combined with insufficient preparation of the SQL query, enabling authenticated attackers w...

8.8CVSS6.6AI score0.00916EPSS
CVE
CVE
added 2023/05/25 12:8 p.m.64 views

CVE-2022-45366

CVE-2022-45366 – WordPress Slimstat Analytics (plugin)

7.1CVSS6AI score0.0041EPSS
CVE
CVE
added 2024/10/14 11:29 p.m.55 views

CVE-2024-9548

CVE-2024-9548 affects the SlimStat Analytics WordPress plugin (versions up to and including 5.2.6). The issue is a stored cross-site scripting (XSS) vulnerability via the resource parameter, caused by insufficient input sanitization and output escaping when logging visitor requests. Consequence: ...

7.2CVSS6.1AI score0.00496EPSS
CVE
CVE
added 2024/02/02 4:32 a.m.54 views

CVE-2024-1073

The CVE-2024-1073 entry concerns the SlimStat Analytics WordPress plugin (versions up to 5.1.3). The root cause is insufficient input sanitization and output escaping in the filter_array parameter, enabling stored Cross-Site Scripting. Authenticated attackers with subscriber-level access and abov...

6.4CVSS5.6AI score0.00452EPSS
CVE
CVE
added 2019/08/21 12:37 p.m.50 views

CVE-2019-15112

The CVE-2019-15112 entry describes a cross-site scripting (XSS) vulnerability in the WordPress wp-slimstat plugin before version 4.8.1. Public sources (e.g., PT-2019-13992, NVD, CNVD, RH) confirm the flaw and consistently recommend updating to 4.8.1 or later. The issue is attributed to inadequate...

6.1CVSS6.3AI score0.01046EPSS
CVE
CVE
added 2023/09/27 6:45 a.m.43 views

CVE-2023-40676

The CVE-2023-40676 entry concerns the VeronaLabs Slimstat Analytics WordPress plugin. Affected software: Slimstat Analytics plugin versions

5.9CVSS5.1AI score0.00354EPSS
CVE
CVE
added 2018/10/07 5:0 p.m.41 views

CVE-2015-9273

CVE-2015-9273 affects the WordPress plugin wp-slimstat (Slimstat Analytics) , with an XSS vulnerability exploitable via an HTTP Referer header or a related JavaScript Referer tracking field. Affected versions are prior to 4.1.6.1 . The issue is documented across multiple sources confirming a stor...

6.1CVSS6AI score0.0133EPSS