Veronalabs Slimstat Analytics
12 CVEs affecting Veronalabs Slimstat Analytics. Latest disclosed: 2026-05-28. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4598 | High | 8.8 | 2023-10-20 | The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficie… |
CVE-2026-7634 | High | 7.2 | 2026-05-28 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4… |
CVE-2026-1238 | High | 7.2 | 2026-03-19 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions up to, and includ… |
CVE-2025-15055 | High | 7.2 | 2026-01-09 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and i… |
CVE-2025-15057 | High | 7.2 | 2026-01-09 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and includ… |
CVE-2025-14151 | High | 7.2 | 2025-12-19 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in… |
CVE-2024-9548 | High | 7.2 | 2024-10-14 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6… |
CVE-2025-69323 | High | 7.1 | 2026-02-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflecte… |
CVE-2025-13431 | Medium | 6.5 | 2026-02-11 | The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due… |
CVE-2023-33994 | Medium | 6.5 | 2024-12-13 | Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This i… |
CVE-2024-1073 | Medium | 6.4 | 2024-02-02 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including… |
CVE-2023-4597 | Medium | 6.4 | 2023-08-30 | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 d… |