VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 24 known issues Latest disclosed Mar 18, 2026

SlimStat Analytics Vulnerabilities

Review known vulnerability records for the WordPress plugin SlimStat Analytics (`wp-slimstat`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
24
High or Critical
12
Linked CVEs
20
Last Updated
Mar 18, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for SlimStat Analytics so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
24 records include a published patch path.
Severity Mix
0 critical and 12 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for SlimStat Analytics

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-1238
SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

Published
Mar 18, 2026
Patched Release
5.4.0
Affected Versions
Versions up to 5.3.5
Next Step
Update to 5.4.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-13431
SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

Published
Feb 10, 2026
Patched Release
5.3.2
Affected Versions
Versions up to 5.3.1
Next Step
Update to 5.3.2 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-69323
Slimstat Analytics <= 5.3.2 - Reflected Cross-Site Scripting

The Slimstat Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published
Jan 27, 2026
Patched Release
5.3.3
Affected Versions
Versions up to 5.3.2
Next Step
Update to 5.3.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-15057
SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the dat...

Published
Jan 08, 2026
Patched Release
5.3.4
Affected Versions
Versions up to 5.3.3
Next Step
Update to 5.3.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-15055
SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at...

Published
Jan 08, 2026
Patched Release
5.3.5
Affected Versions
Versions up to 5.3.4
Next Step
Update to 5.3.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-14151
SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user supp...

Published
Dec 18, 2025
Patched Release
5.3.3
Affected Versions
Versions up to 5.3.2
Next Step
Update to 5.3.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-9548
Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for una...

Published
Oct 14, 2024
Patched Release
5.2.7
Affected Versions
Versions up to 5.2.6
Next Step
Update to 5.2.7 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1073
SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

Published
Feb 01, 2024
Patched Release
5.1.4
Affected Versions
Versions up to 5.1.3
Next Step
Update to 5.1.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-4598
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it po...

Published
Sep 11, 2023
Patched Release
5.0.10
Affected Versions
Versions up to 5.0.9
Next Step
Update to 5.0.10 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4597
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...

Published
Aug 28, 2023
Patched Release
5.0.10
Affected Versions
Versions up to 5.0.9
Next Step
Update to 5.0.10 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-40676
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-l...

Published
Aug 22, 2023
Patched Release
5.0.9
Affected Versions
Versions up to 5.0.8
Next Step
Update to 5.0.9 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-33994
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview

The Slimstat Analytics plugin for WordPress is vulnerable to unauthorized PageView Deletion due to a missing capability check on the delete_pageview function in versions up to, and including, 5.0.5.1. This makes it possible for authenticated attackers, with subscriber-level acces...

Published
Aug 22, 2023
Patched Release
5.0.6
Affected Versions
Versions up to 5.0.5.1
Next Step
Update to 5.0.6 or newer if supported.
Open Full Report Open CVE Reference