N/A
2026-03-18< 5.4.0
SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'
SlimStat Analytics
Minimum safe version
5.4.0
Update to 5.4.0 or later to address 37 fixable vulnerabilities
Latest available5.4.11 ✓
High 7.1
2026-02-20< 5.3.3
CVE-2025-69323
Medium 6.5
2026-02-11< 5.3.2
CVE-2025-13431
High 7.2
2026-01-09< 5.3.5
CVE-2025-15055
High 7.2
2026-01-09< 5.3.4
CVE-2025-15057
High 7.2
2025-12-19< 5.3.3
CVE-2025-14151
Medium 6.1
2024-10-14< 5.2.7
CVE-2024-9548
Medium 5.4
2024-02-02< 5.1.4
CVE-2024-1073
N/A
< 5.1.4
WordPress Slimstat Analytics Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
N/A
2024-02-01< 5.1.4
SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Medium 6.5
2023-10-20< 5.0.10
CVE-2023-4598
Medium 6.4
2023-08-30< 5.0.10
CVE-2023-4597
Medium 5.9
2023-09-27< 5.0.9
CVE-2023-40676
Medium 6.5
2024-12-13< 5.0.6
CVE-2023-33994
N/A
< 2.8.5
WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS
N/A
< 3.9.6
WP Slimstat <= 3.9.5 - Weak Cryptographic Keys Leading to SQL Injections
N/A
< 4.8.4
WP Slimstat <= 4.8.3 - CSRF to Stored XSS and Setting Updates
N/A
< 4.9.4
Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection
High 8.8
2023-11-06< 5.0.5
CVE-2022-45373
High 7.1
2023-05-25< 5.0.5
CVE-2022-45366
N/A
2023-04-13< 4.9.4
WordPress Slimstat Analytics Plugin < 4.9.4 is vulnerable to SQL Injection
N/A
2023-03-31< 4.9.3.4
WordPress Slimstat Analytics Plugin <= 4.9.3.3 is vulnerable to SQL Injection
N/A
2023-03-30< 4.9.3.4
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
High 8.8
2023-03-20< 4.9.3.3
CVE-2023-0630
N/A
2015-02-24< 3.9.6
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection
N/A
2019-05-22< 4.8.4
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Medium 6.1
2023-01-09< 4.9.3
CVE-2022-4310
N/A
2022-12-12< 4.9.3
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI
N/A
2015-05-15< 3.9.6
WordPress Slimstat Plugin <= 3.9.5 - SQL Injections
N/A
2015-05-15< 2.8.5
WordPress SlimStat Plugin <= 2.8.4 - Cross Site Scripting
N/A
2015-07-26< 4.1.6
WordPress Slimstat Plugin <= 4.1.5.2 - Cross Site Scripting
N/A
2019-05-22< 4.8.1
WordPress Slimstat plugin <= 4.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
N/A
2019-07-10< 4.8.4
WordPress Slimstat Analytics plugin <= 4.8.3 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities
N/A
2015-01-13< 3.5.6
CVE-2014-100027
N/A
2015-01-21< 3.9.3
CVE-2015-1204
Medium 6.1
2018-10-07< 4.1.6.1
CVE-2015-9273
Medium 6.1
2019-08-21< 4.8.1
CVE-2019-15112