HIGH
veronalabs
CVE published 2026-05-28
CVE-2026-7634
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the User-Agent header in versions up to and including 5.4.11. The vulnerability stems from insufficient input sanitization and output escaping when processing User-Agent data. Unauthenticated attackers can inject arbitrary web scripts that execute when users access injected pages. However, exploitation requi [truncated]