Slimstat Analytics
Blind SQL injection in the VeronaLabs Slimstat Analytics WordPress plugin through version 5.4.11 allows authenticated low-privileged users to inject SQL commands via improperly neutralized input. The CVSS 8.5 score reflects scope change (S:C), with impact reaching the broader WordPress database beyond the plugin context, along with high confidentiality impact and partial availability impact. No public exploit was identified at the time of analysis, but the WordPress plugin ecosystem and Patchstack reporting suggest discovery through standard SQLi testing.
Unauthenticated deserialization of untrusted data in the Slimstat Analytics WordPress plugin (versions prior to 5.4.0) allows remote attackers to perform PHP object injection without authentication. The CVSS vector indicates high attack complexity (AC:H) and scope change (S:C), meaning successful exploitation can affect components beyond the plugin itself, potentially the broader WordPress environment or server. No public exploit was identified at the time of analysis, and the fix version is confirmed as 5.4.0 per Patchstack reporting.