SQL Injection Vulnerability in Slimstat Analytics for WordPress
CVE-2023-4598

8.8HIGH

Key Information:

Vendor: WordPress
Status: Slimstat Analytics
Vendor: CVE Published:; 20 October 2023

What is CVE-2023-4598?

The Slimstat Analytics plugin for WordPress suffers from a SQL Injection vulnerability due to inadequate escaping of user-supplied parameters and insufficient preparation of the SQL query. Authenticated users with contributor-level rights or higher can exploit this flaw to inject malicious queries, potentially exposing sensitive database information. This vulnerability affects all versions up to and including 5.0.9.

Affected Version(s)

Slimstat Analytics * <= 5.0.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-slimstat/ta...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Aug 29, 2023

Credit

Chloe Chamberland

Lana Codes