Slimstat Analytics

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-1238 HIGH This Week

The SlimStat Analytics plugin for WordPress contains a Stored Cross-Site Scripting vulnerability in the 'fh' (fingerprint) parameter that allows unauthenticated attackers to inject malicious scripts into pages. All versions up to and including 5.3.5 are affected due to insufficient input sanitization and output escaping. The vulnerability has a CVSS score of 7.2 with network-based attack vector requiring no privileges or user interaction, though no active exploitation (KEV) or EPSS data is currently reported.

WordPress XSS Slimstat Analytics

NVD

CVSS 3.1

7.2

EPSS

0.1%

CVE-2026-1238

EPSS 0% CVSS 7.2

HIGH This Week

The SlimStat Analytics plugin for WordPress contains a Stored Cross-Site Scripting vulnerability in the 'fh' (fingerprint) parameter that allows unauthenticated attackers to inject malicious scripts into pages. All versions up to and including 5.3.5 are affected due to insufficient input sanitization and output escaping. The vulnerability has a CVSS score of 7.2 with network-based attack vector requiring no privileges or user interaction, though no active exploitation (KEV) or EPSS data is currently reported.

WordPress XSS Slimstat Analytics

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy