WordPress Plugin Vulnerabilities
WP SlimStat <= 3.9.1 - Cross-Site Scripting (XSS)
Description
WP SlimStat Plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects WP-SlimStat Plugin 3.9.1; other Old versions may also be vulnerable.
Sample Payload for Reflected XSS:
http://www.example.com/wordpress/wp-admin/admin.php?page=wp-slim-view-2&fs[resource]=equals+/wordpress/?s='><script>alert("XSS")</script>
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
LOUDIYI MOHAMED
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2015-01-06 (about 9 years ago)
Added
2015-01-06 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)