cleantalk
Vulnerabilities and Security Researches

SlimStat Analytics, CVE-2024-1073

CVE, Research URL

CVE-2024-1073

Home page URL

Security reports for SlimStat Analytics

Application

SlimStat Analytics

Published on
Feb 02, 2024
Research Description
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 5.1.4.
Status
vulnerable
Previous vulnerability researches
SlimStat Analytics (CVE-2025-14151) , Jan 27, 2026
SlimStat Analytics (CVE-2015-1204) , Jun 07, 2024
SlimStat Analytics (CVE-2014-100027) , Jun 07, 2024
SlimStat Analytics (CVE-2019-15112) , Jun 07, 2024
SlimStat Analytics (CVE-2015-9273) , Jun 07, 2024
New vulnerability
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2025-67993) , Feb 27, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-24965) , Feb 27, 2026
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
VK All in One Expansion Unit (CVE-2025-11737) , Feb 27, 2026