cleantalk
Vulnerabilities and Security Researches

SlimStat Analytics, 6cf31c7661e810fe348d850addacf6ac006dfb64

CVE, Research URL

6cf31c7661e810fe348d850addacf6ac006dfb64

Home page URL

Security reports for SlimStat Analytics

Application

SlimStat Analytics

Published on
Feb 24, 2015
Research Description
SlimStat Analytics [wp-slimstat] < 3.9.6 Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection The Slimstat Analytics plugin for WordPress is vulnerable to blind SQL Injection via the ‘_data’ parameter in versions before 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.9.6.
Status
vulnerable
Previous vulnerability researches
SlimStat Analytics (CVE-2025-14151) , Jan 27, 2026
SlimStat Analytics (CVE-2026-7634) , May 28, 2026
SlimStat Analytics (1528b3cc3937a9c81cc4137bbfaec62f4b90c0a7) , Jun 16, 2026
SlimStat Analytics (4fbce60766f41ab69ebf656812aed786c85670f7) , Jun 16, 2026
SlimStat Analytics (b5e70d40a63186346fbc7932d21b5656229b5f12) , Jun 16, 2026
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress &#8211; WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026