A high-severity SQL injection vulnerability was discovered in Slimstat Analytics, a popular WordPress plugin. This vulnerability, tracked as CVE-2026-54818, has a CVSS score of 8.5 and allows attackers to perform blind SQL injection. The vulnerability affects Slimstat Analytics versions from n/a through 5.4.11. Successful exploitation could lead to unauthorized data access and manipulation. Administrators [truncated]
CVE-2026-27410 is a medium-severity vulnerability in Slimstat Analytics plugin versions before 5.4.0. It allows unauthenticated deserialization of untrusted data, potentially leading to security issues. The vulnerability was published on June 17, 2026, and has a CVSS score of 6.5. Users of affected versions should update to version 5.4.0 or later to mitigate the risk. This vulnerability is considered a se [truncated]
A Subscriber Sensitive Data Exposure vulnerability was discovered in the WP SMS plugin up to version 7.2.1. This vulnerability has been assigned a CVSS score of 6.5, indicating a Medium severity level. The vulnerability allows an attacker to expose sensitive data, potentially leading to unauthorized access or disclosure of subscriber information.
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the User-Agent header in versions up to and including 5.4.11. The vulnerability stems from insufficient input sanitization and output escaping when processing User-Agent data. Unauthenticated attackers can inject arbitrary web scripts that execute when users access injected pages. However, exploitation requi [truncated]