CVE-2025-14151

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SlimStat Analytics plugin for WordPress versions prior to 5.3.3

Description The SlimStat Analytics plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is caused by inadequate input sanitization and output escaping of user-provided attributes. An unauthenticated attacker can inject arbitrary web scripts via the outbound resource parameter in the 'slimtrack' AJAX action. When a user accesses an injected page, the malicious script will execute.

Recommendations Update the SlimStat Analytics plugin to version 5.3.3 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-14151

Affected Products

Slimstat Analytics

CVE-2025-14151

Weakness Enumeration

Related Identifiers

Affected Products

References · 9