WordPress Plugin Vulnerabilities

WP SlimStat <= 3.9.2 - Stored Cross-Site Scripting (XSS)

Description

WP-SlimStat Plugin for WordPress is vulnerable to Stored Cross-Site Scripting

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials of the web site administrator and launch other attacks.

This issue affects WP-SlimStat Plugin 3.9.2; other Old versions may also be vulnerable.

Sample Payload:

http://www.example.com/wordpress/?cat=1"><script>alert(333)</script>

http://www.example.com/wordpress/wp-admin/admin.php?page=wp-slim-view-5

Affects Plugins

Plugin icon
wp-slimstat
Fixed in 3.9.3

References

CVE
CVE-2015-1204

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
youssef bencharhi
Verified
No
WPVDB ID
4200832f-35a1-4047-b505-5339c8c2e549

Timeline

Publicly Published
2015-01-25 (about 11 years ago)
Added
2015-01-23 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-01-10
Title
Neoforum <= 1.0 - Reflected Cross-Site Scripting
Published
2025-01-10
Title
TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS
Published
2024-05-14
Title
Image Optimization by Optimole < 3.13.0 - Author+ Stored Cross-Site Scripting via SVG Upload
Published
2026-05-01
Title
Premium Addons for Elementor < 4.11.71 - Contributor+ Stored XSS via 'custom_svg' Parameter