SlimStat Analytics

Information

Software Type Plugin
Software Slug wp-slimstat (view on wordpress.org)
Software Status Active
Software Author mostafas1990
Software Website wp-slimstat.com
Software Downloads 6,499,443
Software Active Installs 90,000
Software Record Last Updated December 18, 2024

18 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode Patched CVE-2023-4598 8.8 Chloe Chamberland, István Márton September 11, 2023
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode Patched 8.8 March 30, 2023
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode Patched CVE-2023-0630 8.8 Marc-Alexandre Montpas February 23, 2023
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched 8.8 May 22, 2019
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection Patched 8.2 Marc-Alexandre Montpas February 24, 2015
Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2024-9548 7.2 Bilal Chawich (Duke) October 14, 2024
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection Patched CVE-2022-45373 7.2 Rafie Muhammad May 11, 2023
Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2022-4310 7.2 Bilal Chawich (Duke) December 19, 2022
SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2024-1073 6.4 Lucio Sá February 1, 2024
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2023-4597 6.4 István Márton August 28, 2023
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting Patched CVE-2022-45366 6.1 Rafie Muhammad May 11, 2023
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI Patched 6.1 December 12, 2022
WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors Patched CVE-2019-15112 6.1 Antony Garand May 21, 2019
Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting Patched CVE-2015-9273 6.1 Sam Pizzey (mopman) July 22, 2015
Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting Patched CVE-2014-100027 6.1 lnxg33k January 13, 2015
Slimstat Analytics <= 3.9.2 - Cross-Site Scripting Patched CVE-2015-1204 6.1 LOUDIYI MOHAMED January 6, 2015
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Patched CVE-2023-40676 4.4 Rio Darmawan August 22, 2023
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview Patched CVE-2023-33994 4.3 Rafshanzani Suhada August 22, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation