CVE-2015-9273

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Slimstat Analytics
Vendor: CVE Published:; 7 October 2018

Summary

The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.

References

https://www.openwall.com/lists/oss-security/2015/07/30/1

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/1204104

x_refsource_MISC

http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6....

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 7, 2018