SQL Injection Vulnerability in Slimstat Analytics for WordPress
CVE-2023-4598

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Slimstat Analytics
Vendor: CVE Published:; 20 October 2023

Summary

The Slimstat Analytics plugin for WordPress suffers from a SQL Injection vulnerability due to inadequate escaping of user-supplied parameters and insufficient preparation of the SQL query. Authenticated users with contributor-level rights or higher can exploit this flaw to inject malicious queries, potentially exposing sensitive database information. This vulnerability affects all versions up to and including 5.0.9.

Affected Version(s)

Slimstat Analytics * <= 5.0.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-slimstat/ta...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Aug 29, 2023

Credit

Chloe Chamberland

Lana Codes