Vulnerabilities and security researches forwp-slimstat wp-slimstat

Direction: ascending

Jun 07, 2024

SlimStat Analytics # CVE-2015-1204

CVE, Research URL: CVE-2015-1204
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jan 21, 2015
Research Description: Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php.
Affected versions: max 3.9.3.
Status: vulnerable

SlimStat Analytics # CVE-2014-100027

CVE, Research URL: CVE-2014-100027
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jan 13, 2015
Research Description: Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Affected versions: max 3.5.6.
Status: vulnerable

SlimStat Analytics # CVE-2019-15112

CVE, Research URL: CVE-2019-15112
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Aug 21, 2019
Research Description: The wp-slimstat plugin before 4.8.1 for WordPress has XSS.
Affected versions: max 4.8.1.
Status: vulnerable

SlimStat Analytics # CVE-2015-9273

CVE, Research URL: CVE-2015-9273
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Oct 07, 2018
Research Description: The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.
Affected versions: max 4.1.6.1.
Status: vulnerable

SlimStat Analytics # CVE-2023-0630

CVE, Research URL: CVE-2023-0630
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Mar 20, 2023
Research Description: The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
Affected versions: max 4.9.3.3.
Status: vulnerable

SlimStat Analytics # CVE-2022-45366

CVE, Research URL: CVE-2022-45366
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: May 25, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.
Affected versions: max 5.0.5.
Status: vulnerable

SlimStat Analytics # CVE-2022-45373

CVE, Research URL: CVE-2022-45373
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Nov 06, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.
Affected versions: max 5.0.5.
Status: vulnerable

SlimStat Analytics # CVE-2022-4310

CVE, Research URL: CVE-2022-4310
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jan 10, 2023
Research Description: The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs
Affected versions: max 4.9.3.
Status: vulnerable

SlimStat Analytics # CVE-2024-1073

CVE, Research URL: CVE-2024-1073
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Feb 02, 2024
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 5.1.4.
Status: vulnerable

SlimStat Analytics # CVE-2023-40676

CVE, Research URL: CVE-2023-40676
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Sep 27, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions.
Affected versions: max 5.0.9.
Status: vulnerable

SlimStat Analytics # CVE-2023-4597

CVE, Research URL: CVE-2023-4597
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Aug 30, 2023
Research Description: The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 5.0.10.
Status: vulnerable

SlimStat Analytics # CVE-2023-4598

CVE, Research URL: CVE-2023-4598
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Oct 20, 2023
Research Description: The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 5.0.10.
Status: vulnerable

Jun 10, 2024

SlimStat Analytics # CVE-2023-33994

CVE, Research URL: CVE-2023-33994
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through <= 5.0.5.1.
Affected versions: max 5.0.6.
Status: vulnerable

Oct 16, 2024

SlimStat Analytics # CVE-2024-9548

CVE, Research URL: CVE-2024-9548
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Oct 15, 2024
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 5.2.7.
Status: vulnerable

Jan 27, 2026

SlimStat Analytics # CVE-2025-15055

CVE, Research URL: CVE-2025-15055
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jan 09, 2026
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the Recent Custom Events report.
Affected versions: max 5.3.5.
Status: vulnerable

SlimStat Analytics # CVE-2025-15057

CVE, Research URL: CVE-2025-15057
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jan 09, 2026
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views the Real-time Access Log report.
Affected versions: max 5.3.4.
Status: vulnerable

SlimStat Analytics # CVE-2025-14151

CVE, Research URL: CVE-2025-14151
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Dec 19, 2025
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 5.3.3.
Status: vulnerable

Feb 27, 2026

SlimStat Analytics # CVE-2025-69323

CVE, Research URL: CVE-2025-69323
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Feb 20, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2.
Affected versions: max 5.3.3.
Status: vulnerable

SlimStat Analytics # CVE-2025-13431

CVE, Research URL: CVE-2025-13431
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Feb 11, 2026
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 5.3.2.
Status: vulnerable

Apr 14, 2026

SlimStat Analytics # CVE-2026-1238

CVE, Research URL: CVE-2026-1238
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Mar 19, 2026
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 5.4.0.
Status: vulnerable

May 28, 2026

SlimStat Analytics # CVE-2026-7634

CVE, Research URL: CVE-2026-7634
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: May 28, 2026
Research Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The show_complete_user_agent_tooltip setting must be explicitly enabled by an administrator (disabled by default) for the stored payload to be rendered and executed.
Affected versions: max 5.4.12.
Status: vulnerable

Jun 13, 2026

SlimStat Analytics # CVE-2026-27410

CVE, Research URL: CVE-2026-27410
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jun 17, 2026
Research Description: Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Affected versions: max 5.4.0.
Status: vulnerable

Jun 16, 2026

SlimStat Analytics # 1528b3cc3937a9c81cc4137bbfaec62f4b90c0a7

CVE, Research URL: 1528b3cc3937a9c81cc4137bbfaec62f4b90c0a7
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: May 15, 2015
Research Description: SlimStat Analytics [wp-slimstat] < 3.9.6 WordPress Slimstat Plugin <= 3.9.5 - SQL Injections This plugin is prone to weak cryptographic keys leading to SQL injections. Update the plugin.
Affected versions: max 3.9.6.
Status: vulnerable

SlimStat Analytics # 4fbce60766f41ab69ebf656812aed786c85670f7

CVE, Research URL: 4fbce60766f41ab69ebf656812aed786c85670f7
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: May 22, 2019
Research Description: SlimStat Analytics [wp-slimstat] < 4.8.4 Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting The Slimstat Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.3. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 4.8.4.
Status: vulnerable

SlimStat Analytics # b5e70d40a63186346fbc7932d21b5656229b5f12

CVE, Research URL: b5e70d40a63186346fbc7932d21b5656229b5f12
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Mar 31, 2023
Research Description: SlimStat Analytics [wp-slimstat] < 4.9.3.4 WordPress Slimstat Analytics Plugin <= 4.9.3.3 is vulnerable to SQL Injection Update the WordPress Slimstat Analytics plugin to the latest available version (at least 4.9.3.4). Unknown discovered and reported this SQL Injection vulnerability in WordPress Slimstat Analytics Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 4.9.3.4.
Affected versions: max 4.9.3.4.
Status: vulnerable

SlimStat Analytics # 14960f131a2d3d57873893278d2e9ffe695d8cea

CVE, Research URL: 14960f131a2d3d57873893278d2e9ffe695d8cea
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jul 10, 2019
Research Description: SlimStat Analytics [wp-slimstat] < 4.8.4 WordPress Slimstat Analytics plugin <= 4.8.3 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities found in WordPress Slimstat Analytics plugin (versions <= 4.8.3).
Affected versions: max 4.8.4.
Status: vulnerable

SlimStat Analytics # 11bab825fc40ad433585f09ddb853fd0ef786420

CVE, Research URL: 11bab825fc40ad433585f09ddb853fd0ef786420
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Dec 12, 2022
Research Description: SlimStat Analytics [wp-slimstat] < 4.9.3 Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI The Slimstat Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only works in older browsers.
Affected versions: max 4.9.3.
Status: vulnerable

SlimStat Analytics # d9e3b089c53fd00ce2674b7bf3545274dd625adc

CVE, Research URL: d9e3b089c53fd00ce2674b7bf3545274dd625adc
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: May 22, 2019
Research Description: SlimStat Analytics [wp-slimstat] < 4.8.1 WordPress Slimstat plugin <= 4.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability found by Antony Garand in WordPress Slimstat plugin (versions <= 4.8).
Affected versions: max 4.8.1.
Status: vulnerable

SlimStat Analytics # 6cf31c7661e810fe348d850addacf6ac006dfb64

CVE, Research URL: 6cf31c7661e810fe348d850addacf6ac006dfb64
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Feb 24, 2015
Research Description: SlimStat Analytics [wp-slimstat] < 3.9.6 Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection The Slimstat Analytics plugin for WordPress is vulnerable to blind SQL Injection via the ‘_data’ parameter in versions before 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 3.9.6.
Status: vulnerable

SlimStat Analytics # 41bacc872c01133177443fac62d5fdc3d63c3387

CVE, Research URL: 41bacc872c01133177443fac62d5fdc3d63c3387
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Mar 30, 2023
Research Description: SlimStat Analytics [wp-slimstat] < 4.9.3.4 Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in versions up to, and including, 4.9.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 4.9.3.4.
Status: vulnerable

SlimStat Analytics # 48d4f355f5f5d48fd840eda447128be8185aa78c

CVE, Research URL: 48d4f355f5f5d48fd840eda447128be8185aa78c
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jul 26, 2015
Research Description: SlimStat Analytics [wp-slimstat] < 4.1.6 WordPress Slimstat Plugin <= 4.1.5.2 - Cross Site Scripting This plugin is prone to a referer header cross site scripting vulnerability. Update the plugin.
Affected versions: max 4.1.6.
Status: vulnerable

SlimStat Analytics # ed39395bb7af0597471e2786a2bb4d2701c948c7

CVE, Research URL: ed39395bb7af0597471e2786a2bb4d2701c948c7
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: May 15, 2015
Research Description: SlimStat Analytics [wp-slimstat] < 2.8.5 WordPress SlimStat Plugin <= 2.8.4 - Cross Site Scripting This plugin is prone to a cross site scripting vulnerability via wp-content/plugins/wp-slimstat/admin/view/panel1.php s parameter. Update the plugin.
Affected versions: max 2.8.5.
Status: vulnerable

SlimStat Analytics # 16d6a8b3-e0fa-4c64-a5f8-7ab1c5458c03

CVE, Research URL: 16d6a8b3-e0fa-4c64-a5f8-7ab1c5458c03
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: -
Research Description: SlimStat Analytics [wp-slimstat] < 2.8.5 WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS The Slimstat Analytics WordPress plugin was affected by a wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS security vulnerability.
Affected versions: max 2.8.5.
Status: vulnerable

SlimStat Analytics # 96f9b0c5-014a-4ccf-a47d-58ba4b5998e5

CVE, Research URL: 96f9b0c5-014a-4ccf-a47d-58ba4b5998e5
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: -
Research Description: SlimStat Analytics [wp-slimstat] < 4.8.4 WP Slimstat <= 4.8.3 - CSRF to Stored XSS and Setting Updates Lack of CSRF check and sanitisation in the update_settings() function can lead to settings update, as well as Stored XSS issues
Affected versions: max 4.8.4.
Status: vulnerable

SlimStat Analytics # 329bf34a-e4b1-44d1-b8ad-f43293977d5c

CVE, Research URL: 329bf34a-e4b1-44d1-b8ad-f43293977d5c
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: -
Research Description: SlimStat Analytics [wp-slimstat] < 3.9.6 WP Slimstat <= 3.9.5 - Weak Cryptographic Keys Leading to SQL Injections The Slimstat Analytics WordPress plugin was affected by a Weak Cryptographic Keys Leading to SQL Injections security vulnerability.
Affected versions: max 3.9.6.
Status: vulnerable

SlimStat Analytics # 8098312ccb09d633795daaaf848af3921f6f505e

CVE, Research URL: 8098312ccb09d633795daaaf848af3921f6f505e
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Feb 01, 2024
Research Description: SlimStat Analytics [wp-slimstat] < 5.1.4 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 5.1.4.
Status: vulnerable

SlimStat Analytics # aab35dba4f416e46e166a2aeedf37f5dd2e3148f

CVE, Research URL: aab35dba4f416e46e166a2aeedf37f5dd2e3148f
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Apr 13, 2023
Research Description: SlimStat Analytics [wp-slimstat] < 4.9.4 WordPress Slimstat Analytics Plugin < 4.9.4 is vulnerable to SQL Injection Update the WordPress Slimstat Analytics plugin to the latest available version (at least 4.9.4). PluginVulnerabilities discovered and reported this SQL Injection vulnerability in WordPress Slimstat Analytics Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 4.9.4.
Affected versions: max 4.9.4.
Status: vulnerable

SlimStat Analytics # 7aee5497-98c9-454f-989a-bded68ff683c

CVE, Research URL: 7aee5497-98c9-454f-989a-bded68ff683c
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: -
Research Description: SlimStat Analytics [wp-slimstat] < 4.9.4 Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query.
Affected versions: max 4.9.4.
Status: vulnerable

SlimStat Analytics # ae04c4ec787c5775fb1546302cddddfc9c53365d

CVE, Research URL: ae04c4ec787c5775fb1546302cddddfc9c53365d
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: -
Research Description: SlimStat Analytics [wp-slimstat] < 5.1.4 WordPress Slimstat Analytics Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Slimstat Analytics plugin to the latest available version (at least 5.1.4). Lucio Sá discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Slimstat Analytics Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 5.1.4. Have additional information or questions about this entry? Get in touch.
Affected versions: max 5.1.4.
Status: vulnerable

Jun 19, 2026

SlimStat Analytics # CVE-2026-54818

CVE, Research URL: CVE-2026-54818
Home page URL: Security reports for SlimStat Analytics
Application: SlimStat Analytics
Date: Jun 17, 2026
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11.
Affected versions: max 5.4.12.
Status: vulnerable