WordPress Plugin Vulnerabilities

WP Slimstat <= 3.9.5 - Weak Cryptographic Keys Leading to SQL Injections

Description

The Slimstat Analytics WordPress plugin was affected by a Weak Cryptographic Keys Leading to SQL Injections security vulnerability.

Affects Plugins

Plugin icon
wp-slimstat
Fixed in 3.9.6

References

URL
https://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html
URL
http://arstechnica.com/security/2015/02/more-than-1-million-wordpress-websites-imperiled-by-critical-plugin-bug/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
329bf34a-e4b1-44d1-b8ad-f43293977d5c

Timeline

Publicly Published
2015-02-24 (about 11 years ago)
Added
2015-02-25 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-02-10
Title
SlimStat Analytics < 5.3.2 - Authenticated (Subscriber+) SQL Injection via `args` Parameter
Published
2019-04-11
Title
Advanced Contact form 7 DB <= 1.6.0 - Authenticated SQL Injection
Published
2026-03-03
Title
Email Subscribers & Newsletters < 5.9.17 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter
Published
2021-04-05
Title
Simple Membership < 4.0.4 - Authenticated SQL Injections
Published
2025-02-21
Title
LTL Freight Quotes – Purolator Edition < 2.2.4 - Unauthenticated SQL Injection