PT-2023-16410 · WordPress · Slimstat Analytics

Marc Montpas · Published 2023-03-20 · Updated 2023-06-10 · CVE-2023-0630

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Slimstat Analytics WordPress plugin versions prior to 4.9.3.3

Description

The Slimstat Analytics WordPress plugin does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. This could potentially lead to SQL injection attacks.

Recommendations

Update to version 4.9.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes by subscribers to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-0630

Affected Products

Slimstat Analytics