Wp-slimstat Slimstat Analytics — known CVE vulnerabilities
Every CVE whose affected-product data names Wp-slimstat Slimstat Analytics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2022-45373 — CVSS 8.8 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat…
CVE-2023-4598 — CVSS 8.8 (high): The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including…
CVE-2023-0630 — CVSS 8.8 (high): The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes…
CVE-2024-9548 — CVSS 7.2 (high): The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to…
CVE-2023-4597 — CVSS 6.4 (medium): The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to…
CVE-2024-1073 — CVSS 6.4 (medium): The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions…
CVE-2022-4310 — CVSS 6.1 (medium): The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow…
CVE-2015-9273 — CVSS 6.1 (medium): The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated…