WordPress Plugin Vulnerabilities

WP Slimstat < 4.1.6 - Referer Header Cross-Site Scripting (XSS)

Description

The Slimstat Analytics WordPress plugin was affected by a Referer Header Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-slimstat
Fixed in 4.1.6

References

CVE
CVE-2015-9273
URL
https://www.openwall.com/lists/oss-security/2015/07/30/1
URL
https://plugins.trac.wordpress.org/changeset/1204104

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0d70303a-7415-47ca-8fd9-36c83d5a1c4c

Timeline

Publicly Published
2015-07-26 (about 10 years ago)
Added
2015-07-26 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-13
Title
Multilang Contact Form <= 1.5 - Reflected Cross-Site Scripting
Published
2023-05-02
Title
Newsletter Popup <= 1.2 - Unauthenticated Stored XSS
Published
2025-01-02
Title
wooexim <= 5.0.0 - CSRF to Reflected XSS
Published
2023-12-05
Title
Bold Page Builder < 4.7.0 - Contributor+ Stored XSS
Published
2025-07-11
Title
ShareBang, Ultimate Social Share Buttons for WordPress <= 1.4 - Reflected Cross-Site Scripting