SlimStat Analytics

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   SlimStat Analytics

Information

Software Type Plugin
Software Slug wp-slimstat (view on wordpress.org)
Software Status Active
Software Author mostafas1990
Software Website wp-slimstat.com
Software Downloads 6,302,165
Software Active Installs 90,000
Software Record Last Updated July 26, 2024

17 Vulnerabilities

SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-1073
Feb 1, 2024
Researcher: Lucio Sá
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode
8.8
CVE-2023-4598
Sep 11, 2023
Researchers: Chloe Chamberland, István Márton
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-4597
Aug 28, 2023
Researcher: István Márton
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-40676
Aug 22, 2023
Researcher: Rio Darmawan
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview
4.3
CVE-2023-33994
Aug 22, 2023
Researcher: Rafshanzani Suhada
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting
6.1
CVE-2022-45366
May 11, 2023
Researcher: Rafie Muhammad
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2022-45373
May 11, 2023
Researcher: Rafie Muhammad
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE ID Unknown
Mar 30, 2023
Researchers:
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-0630
Feb 23, 2023
Researcher: Marc-Alexandre Montpas
Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2022-4310
Dec 19, 2022
Researcher: Bilal Chawich
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI
6.1
CVE ID Unknown
Dec 12, 2022
Researchers:
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
8.8
CVE ID Unknown
May 22, 2019
Researchers:
WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors
6.1
CVE-2019-15112
May 21, 2019
Researcher: Antony Garand
Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting
6.1
CVE-2015-9273
Jul 22, 2015
Researcher: Sam Pizzey (mopman)
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection
8.2
CVE ID Unknown
Feb 24, 2015
Researcher: Marc-Alexandre Montpas
Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting
6.1
CVE-2014-100027
Jan 13, 2015
Researcher: lnxg33k
Slimstat Analytics <= 3.9.2 - Cross-Site Scripting
6.1
CVE-2015-1204
Jan 6, 2015
Researcher: LOUDIYI MOHAMED
Title Status CVE ID CVSS Researchers Date
SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2024-1073 6.4 Lucio Sá February 1, 2024
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode Patched CVE-2023-4598 8.8 Chloe Chamberland, István Márton September 11, 2023
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2023-4597 6.4 István Márton August 28, 2023
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Patched CVE-2023-40676 4.4 Rio Darmawan August 22, 2023
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview Patched CVE-2023-33994 4.3 Rafshanzani Suhada August 22, 2023
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting Patched CVE-2022-45366 6.1 Rafie Muhammad May 11, 2023
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection Patched CVE-2022-45373 7.2 Rafie Muhammad May 11, 2023
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode Patched 8.8 March 30, 2023
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode Patched CVE-2023-0630 8.8 Marc-Alexandre Montpas February 23, 2023
Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2022-4310 7.2 Bilal Chawich December 19, 2022
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI Patched 6.1 December 12, 2022
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched 8.8 May 22, 2019
WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors Patched CVE-2019-15112 6.1 Antony Garand May 21, 2019
Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting Patched CVE-2015-9273 6.1 Sam Pizzey (mopman) July 22, 2015
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection Patched 8.2 Marc-Alexandre Montpas February 24, 2015
Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting Patched CVE-2014-100027 6.1 lnxg33k January 13, 2015
Slimstat Analytics <= 3.9.2 - Cross-Site Scripting Patched CVE-2015-1204 6.1 LOUDIYI MOHAMED January 6, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation