7 matches found
CVE-2023-0630
The Slimstat Analytics WordPress plugin (pre-4.9.3.3) is vulnerable to SQL injection via shortcodes that concatenate attributes directly into SQL queries. Root cause: improper handling of shortcode attributes allows crafting queries that reach the database (CWE-89). Impact per sources: potential ...
CVE-2022-45373
The CVE-2022-45373 entry affects the WordPress Slimstat Analytics plugin (vulnerable: 5.0.4, specifically 5.0.5 per Patchstack. Exploitation details are not described in the provided documents; no in-the-wild exploit status is stated. Other connected records corroborate the SQL injection vulnera...
CVE-2022-4310
CVE-2022-4310 concerns the Slimstat Analytics WordPress plugin before 4.9.3. The issue is failure to sanitise/escape the URI when logging requests, allowing unauthenticated attackers to perform Stored XSS against logged-in admins viewing the logs. Documents cite a CVSSv3.1 base score of 6.1 (Medi...
CVE-2023-4598
The CVE-2023-4598 entry affects the WordPress Slimstat Analytics plugin, with vulnerable versions up to 5.0.9. The root cause is insufficient escaping on user-supplied parameters in the plugin’s shortcode, combined with insufficient preparation of the SQL query, enabling authenticated attackers w...
CVE-2024-9548
CVE-2024-9548 affects the SlimStat Analytics WordPress plugin (versions up to and including 5.2.6). The issue is a stored cross-site scripting (XSS) vulnerability via the resource parameter, caused by insufficient input sanitization and output escaping when logging visitor requests. Consequence: ...
CVE-2019-15112
The CVE-2019-15112 entry describes a cross-site scripting (XSS) vulnerability in the WordPress wp-slimstat plugin before version 4.8.1. Public sources (e.g., PT-2019-13992, NVD, CNVD, RH) confirm the flaw and consistently recommend updating to 4.8.1 or later. The issue is attributed to inadequate...
CVE-2015-9273
CVE-2015-9273 affects the WordPress plugin wp-slimstat (Slimstat Analytics) , with an XSS vulnerability exploitable via an HTTP Referer header or a related JavaScript Referer tracking field. Affected versions are prior to 4.1.6.1 . The issue is documented across multiple sources confirming a stor...