Lucene search

K
wpvulndbWpvulndbWPVDB-ID:C3F19A8C-40CB-4CB3-B085-AAC8391163A0
HistorySep 27, 2023 - 12:00 a.m.

Slimstat Analytics < 5.0.9 - Admin+ Stored XSS

2023-09-2700:00:00
wpscan.com
4
plugin validation escape parameters admin role stored cross-site scripting attacks unfiltered_html capability multisite setup

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CPENameOperatorVersion
eq5.0.9

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Related for WPVDB-ID:C3F19A8C-40CB-4CB3-B085-AAC8391163A0