CVE-2022-4310

Name of the Vulnerable Software and Affected Versions Slimstat Analytics WordPress plugin versions prior to 4.9.3

Description The issue allows unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged-in admins viewing the logs, due to the plugin's failure to sanitise and escape the URI when logging requests.

Recommendations For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the logs for logged-in admins until the update is applied.