WordPress Plugin Vulnerabilities

Slimstat Analytics < 5.0.5 - Admin+ SQLi

Description

The plugin does not sanitise and escape the misc[limit_results] parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Affects Plugins

Plugin icon
wp-slimstat
Fixed in 5.0.5

References

CVE
CVE-2022-45373

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
653edd42-e34f-4be1-a2f0-5814edcd6994

Timeline

Publicly Published
2023-05-11 (about 3 years ago)
Added
2023-05-26 (about 2 years ago)
Last Updated
2023-05-26 (about 2 years ago)

Other

Published
Title
Published
2024-03-20
Title
Avada < 7.11.7 - Authenticated (Admin+) SQL Injection via entry
Published
2026-01-07
Title
Media Search Enhanced < 0.9.2 - Authenticated (Author+) SQL Injection
Published
2025-08-18
Title
MDTF < 1.3.3.8 - Unauthenticated SQL Injection
Published
2026-01-28
Title
Saasplate Core <= 1.2.8 - Unauthenticated SQL Injection
Published
2022-04-18
Title
MapSVG < 6.2.20 - Unauthenticated SQLi