NotCVE - vendor:"Wp Slimstat" product:"Wp Slimstat" version:" >= 0.0.0.0 <= 5.0.5.1"

3 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-33994 – WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-33994

22 Aug 2023 — Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1. The Slimstat Analytics plugin for WordPress is vulnerable to unauthorized PageView Deletion due to a missing capability check on the delete_pageview function in versions up to, and including, 5.0.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above,... • https://patchstack.com/database/wordpress/plugin/wp-slimstat/vulnerability/wordpress-slimstat-analytics-plugin-5-0-5-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2014-100027 – Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-100027

13 Jan 2015 — Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el plugin WP SlimStat anterior a 3.5.6 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL in versions up to, and including, 3.5.5 due... • http://secunia.com/advisories/57305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-1204 – Slimstat Analytics <= 3.9.2 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-1204

06 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php. Vulnerabilidad XSS en la funcionalidad Save Filters en el plugin WP Slimstat anterior a 3.9.2 de WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro fs[resource] en la página wp-slim-view-... • http://secunia.com/advisories/62034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •