Vulnerabilities > WP Slimstat

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-02	CVE-2024-1073	Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. network low complexity wp-slimstat CWE-79	5.4
2023-11-06	CVE-2022-45373	SQL Injection vulnerability in Wp-Slimstat Slimstat Analytics Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. network low complexity wp-slimstat CWE-89 critical	9.8
2023-10-20	CVE-2023-4598	SQL Injection vulnerability in Wp-Slimstat Slimstat Analytics The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity wp-slimstat CWE-89	6.5
2023-09-27	CVE-2023-40676	Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics Auth. network low complexity wp-slimstat CWE-79	4.8
2023-08-30	CVE-2023-4597	Unspecified vulnerability in Wp-Slimstat Slimstat Analytics The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity wp-slimstat	6.4
2023-05-25	CVE-2022-45366	Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics Unauth. network low complexity wp-slimstat CWE-79	6.1
2023-03-20	CVE-2023-0630	Unspecified vulnerability in Wp-Slimstat Slimstat Analytics The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. network low complexity wp-slimstat	8.8
2023-01-09	CVE-2022-4310	Unspecified vulnerability in Wp-Slimstat Slimstat Analytics The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs network low complexity wp-slimstat	6.1
2019-08-21	CVE-2019-15112	Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics The wp-slimstat plugin before 4.8.1 for WordPress has XSS. network low complexity wp-slimstat CWE-79	6.1
2018-10-07	CVE-2015-9273	Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. network wp-slimstat CWE-79	4.3

Vulnerabilities > WP Slimstat {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"WP Slimstat"}]}

Vulnerabilities > WP Slimstat