VYPR

Wp Slimstat

by WordPress

Source repositories

CVEs (8)

  • CVE-2023-33994MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through <= 5.0.5.1.

  • CVE-2025-15057HigJan 9, 2026
    risk 0.40cvss 7.2epss 0.00

    The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the…

  • CVE-2025-15055HigJan 9, 2026
    risk 0.40cvss 7.2epss 0.00

    The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2025-14151HigDec 19, 2025
    risk 0.40cvss 7.2epss 0.00

    The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user…

  • CVE-2019-15112MedAug 21, 2019
    risk 0.40cvss 6.1epss 0.01

    The wp-slimstat plugin before 4.8.1 for WordPress has XSS.

  • CVE-2015-9273MedOct 7, 2018
    risk 0.33cvss 6.1epss 0.01

    The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.

  • CVE-2015-1204Jan 21, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php.

  • CVE-2014-100027Jan 13, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL.