cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9548,https://securityvulnerability.io/vulnerability/CVE-2024-9548,SlimStat Analytics Plugin Vulnerable to Stored Cross-Site Scripting,"The SlimStat Analytics plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through the resource parameter. This issue arises from inadequate sanitization of input and improper output escaping during the logging of visitor requests, affecting all versions up to and including 5.2.6. As a result, unauthenticated attackers can exploit this flaw to embed arbitrary web scripts into pages. These scripts are executed whenever a user accesses a compromised page, potentially leading to a range of security problems, including session hijacking and data theft.",Wordpress,Slimstat Analytics,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-15T00:15:00.000Z,0
CVE-2024-1073,https://securityvulnerability.io/vulnerability/CVE-2024-1073,Stored Cross-Site Scripting Vulnerability in SlimStat Analytics Plugin for WordPress,"The SlimStat Analytics plugin for WordPress exhibits a vulnerability that allows authenticated users with subscriber-level access or higher to engage in Stored Cross-Site Scripting through the 'filter_array' parameter. This risk stems from inadequate input sanitization and output escaping, enabling attackers to inject malicious scripts into pages. Consequently, these scripts are executed in the browser of any user who accesses the compromised page, posing serious security threats.",Wordpress,SlimStat Analytics,5.4,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2024-02-02T04:32:34.048Z,0
CVE-2023-4598,https://securityvulnerability.io/vulnerability/CVE-2023-4598,SQL Injection Vulnerability in Slimstat Analytics for WordPress,"The Slimstat Analytics plugin for WordPress suffers from a SQL Injection vulnerability due to inadequate escaping of user-supplied parameters and insufficient preparation of the SQL query. Authenticated users with contributor-level rights or higher can exploit this flaw to inject malicious queries, potentially exposing sensitive database information. This vulnerability affects all versions up to and including 5.0.9.",Wordpress,Slimstat Analytics,6.5,MEDIUM,0.0011899999808520079,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4597,https://securityvulnerability.io/vulnerability/CVE-2023-4597,Stored Cross-Site Scripting Vulnerability in Slimstat Analytics Plugin for WordPress,"The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) due to inadequate input sanitization and output escaping in the 'slimstat' shortcode. This issue affects versions up to and including 5.0.9 and allows authenticated attackers, holding contributor-level permissions or higher, to inject arbitrary web scripts. These scripts can execute on pages viewed by users, leading to potential exploitation of the website's visitors and unauthorized data access.",Wordpress,Slimstat Analytics,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-30T02:15:00.000Z,0
CVE-2023-0630,https://securityvulnerability.io/vulnerability/CVE-2023-0630,Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection,"The Slimstat Analytics WordPress plugin prior to version 4.9.3.3 is susceptible to SQL injection attacks due to insufficient validation of user inputs. Subscribers are able to execute malicious shortcodes that directly append attributes into SQL queries. This vulnerability could allow attackers to manipulate database queries, leading to unauthorized data access, data loss, or corruption.",Wordpress,Slimstat Analytics,8.8,HIGH,0.36500999331474304,false,,false,false,true,true,false,false,2023-03-20T16:15:00.000Z,0
CVE-2022-4310,https://securityvulnerability.io/vulnerability/CVE-2022-4310,Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS,"The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs",Wordpress,Slimstat Analytics,6.1,MEDIUM,0.0009399999980814755,false,,false,false,false,,false,false,2023-01-09T22:13:26.488Z,0
CVE-2019-15112,https://securityvulnerability.io/vulnerability/CVE-2019-15112,,The wp-slimstat plugin before 4.8.1 for WordPress has XSS.,Wordpress,Slimstat Analytics,6.1,MEDIUM,0.0006200000061653554,false,,false,false,true,true,false,false,2019-08-21T12:37:36.000Z,0
CVE-2015-9273,https://securityvulnerability.io/vulnerability/CVE-2015-9273,,"The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.",Wordpress,Slimstat Analytics,6.1,MEDIUM,0.0011899999808520079,false,,false,false,false,,false,false,2018-10-07T17:29:00.000Z,0