cleantalk
Vulnerabilities and Security Researches

SlimStat Analytics, CVE-2025-13431

CVE, Research URL

CVE-2025-13431

Home page URL

Security reports for SlimStat Analytics

Application

SlimStat Analytics

Published on
Feb 11, 2026
Research Description
The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 5.3.2.
Status
vulnerable
Previous vulnerability researches
WP Job Portal – A Complete Job Board (CVE-2024-11711) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35759) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35760) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-11714) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2025-47438) , May 15, 2025
New vulnerability
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Language Translate Widget for WordPress – ConveyThis (CVE-2025-68021) , Feb 27, 2026
RVCFDI para Woocommerce (CVE-2025-69386) , Feb 27, 2026
FeedWordPress Advanced Filters (CVE-2025-68843) , Feb 27, 2026
New User Approve (CVE-2025-69063) , Feb 27, 2026