CVE-2024-9548

Published Oct 15, 2024

Last updated a month ago

CVSS medium 6.1

Overview

Description: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com: CWE-79

Hype score: Not currently trending

CVE-2024-9548 (CVSS:7.2, HIGH) is Undergoing Analysis. The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in a..https://t.co/RxttDYgwyl #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BAF5D0B-B01E-43C4-9F97-C81469047D5F",
            "versionEndExcluding": "5.2.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References