11 matches found
CVE-2023-0630
The Slimstat Analytics WordPress plugin (pre-4.9.3.3) is vulnerable to SQL injection via shortcodes that concatenate attributes directly into SQL queries. Root cause: improper handling of shortcode attributes allows crafting queries that reach the database (CWE-89). Impact per sources: potential ...
CVE-2023-4597
Summary: CVE-2023-4597 affects the WordPress plugin Slimstat Analytics (versions ≤ 5.0.9). The root cause is insufficient input sanitization and output escaping on attributes used by the slimstat shortcode. Impact: authenticated attackers with contributor-level permissions can trigger a Stored Cr...
CVE-2022-4310
CVE-2022-4310 concerns the Slimstat Analytics WordPress plugin before 4.9.3. The issue is failure to sanitise/escape the URI when logging requests, allowing unauthenticated attackers to perform Stored XSS against logged-in admins viewing the logs. Documents cite a CVSSv3.1 base score of 6.1 (Medi...
CVE-2022-45373
The CVE-2022-45373 entry affects the WordPress Slimstat Analytics plugin (vulnerable: 5.0.4, specifically 5.0.5 per Patchstack. Exploitation details are not described in the provided documents; no in-the-wild exploit status is stated. Other connected records corroborate the SQL injection vulnera...
CVE-2023-4598
The CVE-2023-4598 entry affects the WordPress Slimstat Analytics plugin, with vulnerable versions up to 5.0.9. The root cause is insufficient escaping on user-supplied parameters in the plugin’s shortcode, combined with insufficient preparation of the SQL query, enabling authenticated attackers w...
CVE-2022-45366
CVE-2022-45366 – WordPress Slimstat Analytics (plugin)
CVE-2024-9548
CVE-2024-9548 affects the SlimStat Analytics WordPress plugin (versions up to and including 5.2.6). The issue is a stored cross-site scripting (XSS) vulnerability via the resource parameter, caused by insufficient input sanitization and output escaping when logging visitor requests. Consequence: ...
CVE-2024-1073
The CVE-2024-1073 entry concerns the SlimStat Analytics WordPress plugin (versions up to 5.1.3). The root cause is insufficient input sanitization and output escaping in the filter_array parameter, enabling stored Cross-Site Scripting. Authenticated attackers with subscriber-level access and abov...
CVE-2019-15112
The CVE-2019-15112 entry describes a cross-site scripting (XSS) vulnerability in the WordPress wp-slimstat plugin before version 4.8.1. Public sources (e.g., PT-2019-13992, NVD, CNVD, RH) confirm the flaw and consistently recommend updating to 4.8.1 or later. The issue is attributed to inadequate...
CVE-2023-40676
The CVE-2023-40676 entry concerns the VeronaLabs Slimstat Analytics WordPress plugin. Affected software: Slimstat Analytics plugin versions
CVE-2015-9273
CVE-2015-9273 affects the WordPress plugin wp-slimstat (Slimstat Analytics) , with an XSS vulnerability exploitable via an HTTP Referer header or a related JavaScript Referer tracking field. Affected versions are prior to 4.1.6.1 . The issue is documented across multiple sources confirming a stor...