SlimStat Analytics Plugin Vulnerable to Stored Cross-Site Scripting
CVE-2024-9548
6.1 MEDIUM
Summary
The SlimStat Analytics plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through the resource parameter. This issue arises from inadequate sanitization of input and improper output escaping during the logging of visitor requests, affecting all versions up to and including 5.2.6. As a result, unauthenticated attackers can exploit this flaw to embed arbitrary web scripts into pages. These scripts are executed whenever a user accesses a compromised page, potentially leading to a range of security problems, including session hijacking and data theft.
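The summary names two missing controls: sanitizing the resource value when a visitor request is logged, and escaping it when the log is displayed. The PHP below is an added example, not SlimStat's code or its patch; the function names are hypothetical and the sample values are constructed. In WordPress code, `sanitize_text_field()` and `esc_html()` would normally take the place of the plain PHP calls.

```php
<?php
declare(strict_types=1);

// Added illustration, not SlimStat code. Function names are hypothetical.

/** Input side: clean the requested resource before it is written to the log. */
function normalize_resource(string $raw): string
{
    $noControl = preg_replace('/[\x00-\x1F\x7F]/', '', $raw) ?? '';
    // strip_tags() is defence in depth only; output escaping is the real control.
    return substr(strip_tags($noControl), 0, 2048);
}

/** Output side, unsafe: the stored value is placed into HTML unchanged. */
function render_cell_unescaped(string $stored): string
{
    return '<td>' . $stored . '</td>';
}

/** Output side, safe: escape for the HTML context every time the value is printed. */
function render_cell_escaped(string $stored): string
{
    return '<td>' . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

/** Audit helper: flag rows logged before an upgrade that still carry markup characters. */
function needs_review(string $stored): bool
{
    return preg_match('/[<>"\']/', $stored) === 1;
}

// Constructed sample values standing in for logged request resources.
$legacyRows = [
    '/blog/hello-world/?page=2',
    '/shop/?a=1&b=2',
    '/search/<script>/* constructed marker */</script>',
];

foreach ($legacyRows as $row) {
    printf("stored      : %s\n", $row);
    printf("needs review: %s\n", needs_review($row) ? 'yes' : 'no');
    printf("unescaped   : %s\n", render_cell_unescaped($row));
    printf("escaped     : %s\n", render_cell_escaped($row));
    printf("normalized  : %s\n\n", normalize_resource($row));
}
```

Escaping at output also neutralizes values that were stored before any input filtering existed, which is why the audit helper is run against existing rows rather than only new requests.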
Affected Version(s)
SlimStat Analytics * <= 5.2.6
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Bilal Chawich