cleantalk
Vulnerabilities and Security Researches

SlimStat Analytics, 41bacc872c01133177443fac62d5fdc3d63c3387

CVE, Research URL

41bacc872c01133177443fac62d5fdc3d63c3387

Home page URL

Security reports for SlimStat Analytics

Application

SlimStat Analytics

Published on
Mar 30, 2023
Research Description
SlimStat Analytics [wp-slimstat] < 4.9.3.4 Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in versions up to, and including, 4.9.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 4.9.3.4.
Status
vulnerable
Previous vulnerability researches
SlimStat Analytics (CVE-2025-14151) , Jan 27, 2026
SlimStat Analytics (CVE-2026-7634) , May 28, 2026
SlimStat Analytics (1528b3cc3937a9c81cc4137bbfaec62f4b90c0a7) , Jun 16, 2026
SlimStat Analytics (4fbce60766f41ab69ebf656812aed786c85670f7) , Jun 16, 2026
SlimStat Analytics (b5e70d40a63186346fbc7932d21b5656229b5f12) , Jun 16, 2026
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress &#8211; WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026