Reflected XSS Vulnerability in Slimstat Analytics by VeronaLabs
CVE-2025-69323

7.1HIGH

Key Information:

Vendor: WordPress
Status: Slimstat Analytics
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-69323?

The Slimstat Analytics plugin for WordPress, developed by VeronaLabs, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This issue arises due to improper handling of user inputs during web page generation, potentially allowing attackers to execute malicious scripts in the context of the user's browser. Affected versions range from n/a through 5.3.2, which could pose a risk to site administrators and users. It is crucial to assess your current version and apply the latest updates to mitigate the potential risks associated with this vulnerability.

Affected Version(s)

Slimstat Analytics 0 <= 5.3.2

References

https://patchstack.com/database/Wordpress/Plugin/wp-slims...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Dec 31, 2025

Credit

mcdruid | Patchstack Bug Bounty Program

CVE-2025-69323 Data

JSON