cleantalk
Vulnerabilities and Security Researches

SlimStat Analytics, 11bab825fc40ad433585f09ddb853fd0ef786420

CVE, Research URL

11bab825fc40ad433585f09ddb853fd0ef786420

Home page URL

Security reports for SlimStat Analytics

Application

SlimStat Analytics

Published on
Dec 12, 2022
Research Description
SlimStat Analytics [wp-slimstat] < 4.9.3 Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI The Slimstat Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only works in older browsers.
Affected versions
max 4.9.3.
Status
vulnerable
Previous vulnerability researches
SlimStat Analytics (CVE-2025-14151) , Jan 27, 2026
SlimStat Analytics (CVE-2026-7634) , May 28, 2026
SlimStat Analytics (1528b3cc3937a9c81cc4137bbfaec62f4b90c0a7) , Jun 16, 2026
SlimStat Analytics (4fbce60766f41ab69ebf656812aed786c85670f7) , Jun 16, 2026
SlimStat Analytics (b5e70d40a63186346fbc7932d21b5656229b5f12) , Jun 16, 2026
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress &#8211; WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026