SlimStat Analytics

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   SlimStat Analytics

Information

Software Type Plugin
Software Slug wp-slimstat (view on wordpress.org)
Software Status Active
Software Author mostafas1990
Software Website wp-slimstat.com
Software Downloads 6,007,120
Software Active Installs 100,000
Software Record Last Updated December 4, 2023

16 Vulnerabilities

Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode
8.8
CVE-2023-4598
Sep 11, 2023
Researchers: Chloe Chamberland, István Márton
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-4597
Aug 28, 2023
Researcher: István Márton
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview
4.3
CVE-2023-33994
Aug 22, 2023
Researcher: Rafshanzani Suhada
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-40676
Aug 22, 2023
Researcher: Rio Darmawan
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2022-45373
May 11, 2023
Researcher: Rafie Muhammad
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting
6.1
CVE-2022-45366
May 11, 2023
Researcher: Rafie Muhammad
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE ID Unknown
Mar 30, 2023
Researchers:
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-0630
Feb 23, 2023
Researcher: Marc-Alexandre Montpas
Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2022-4310
Dec 19, 2022
Researcher: Bilal Chawich
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI
6.1
CVE ID Unknown
Dec 12, 2022
Researchers:
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
8.8
CVE ID Unknown
May 22, 2019
Researchers:
WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors
6.1
CVE-2019-15112
May 21, 2019
Researcher: Antony Garand
Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting
6.1
CVE-2015-9273
Jul 22, 2015
Researcher: Sam Pizzey
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection
8.2
CVE ID Unknown
Feb 24, 2015
Researcher: Marc-Alexandre Montpas
Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting
6.1
CVE-2014-100027
Jan 13, 2015
Researcher: lnxg33k
Slimstat Analytics <= 3.9.2 - Cross-Site Scripting
6.1
CVE-2015-1204
Jan 6, 2015
Researcher: LOUDIYI MOHAMED
Title CVE ID CVSS Researchers Date
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode CVE-2023-4598 8.8 Chloe Chamberland, István Márton September 11, 2023
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-4597 6.4 István Márton August 28, 2023
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview CVE-2023-33994 4.3 Rafshanzani Suhada August 22, 2023
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-40676 4.4 Rio Darmawan August 22, 2023
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection CVE-2022-45373 7.2 Rafie Muhammad May 11, 2023
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting CVE-2022-45366 6.1 Rafie Muhammad May 11, 2023
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode 8.8 March 30, 2023
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-0630 8.8 Marc-Alexandre Montpas February 23, 2023
Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting CVE-2022-4310 7.2 Bilal Chawich December 19, 2022
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI 6.1 December 12, 2022
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting 8.8 May 22, 2019
WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors CVE-2019-15112 6.1 Antony Garand May 21, 2019
Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting CVE-2015-9273 6.1 Sam Pizzey July 22, 2015
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection 8.2 Marc-Alexandre Montpas February 24, 2015
Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting CVE-2014-100027 6.1 lnxg33k January 13, 2015
Slimstat Analytics <= 3.9.2 - Cross-Site Scripting CVE-2015-1204 6.1 LOUDIYI MOHAMED January 6, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation