CVE-2022-45366

7.1 HIGH

📋 TL;DR

Unauthenticated reflected cross-site scripting (XSS) vulnerability in the Slimstat Analytics WordPress plugin allows attackers to inject malicious scripts via crafted URLs. This affects WordPress sites running Slimstat Analytics version 5.0.4 or earlier. Attackers can execute arbitrary JavaScript in victims' browsers when they click malicious links.

💻 Affected Systems

Products:
  • WordPress Slimstat Analytics plugin
Versions: <= 5.0.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.

🟠 Likely Case

Attackers typically use this to steal session cookies or credentials from users who click malicious links, leading to account takeover or privilege escalation.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be rendered harmless as text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS vulnerabilities are commonly exploited via phishing or malicious links. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.5 or later

Vendor Advisory: https://wordpress.org/plugins/wp-slimstat/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Slimstat Analytics.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable plugin temporarily (applies to: all)

Deactivate the Slimstat Analytics plugin until patched:

wp plugin deactivate wp-slimstat

Implement WAF rules (applies to: all)

Add web application firewall rules to block XSS payloads in query parameters

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Use web application firewall to filter malicious input patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Slimstat Analytics for version number. If version is 5.0.4 or lower, you are vulnerable.

Check Version:

wp plugin get wp-slimstat --field=version

Verify Fix Applied:

After updating, verify plugin version shows 5.0.5 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual query parameters containing script tags or JavaScript in URLs
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests with suspicious parameters containing <script> tags or JavaScript functions

SIEM Query:

source="web_server_logs" AND (uri="*<script>*" OR uri="*javascript:*" OR uri="*onerror=*" OR uri="*onload=*")
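Detection logic for the log indicators above, as an added example that is not from this advisory or the Slimstat project: it parses combined-format access-log lines, URL-decodes each query parameter repeatedly so that double-encoded payloads (which a literal `*<script>*` match on the raw URI would miss) are still caught, and reports each matching parameter. The log lines, client IPs and parameter names are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Indicator patterns taken from the advisory's SIEM query, matched case-insensitively
# against the decoded parameter value rather than the raw URI.
XSS_PATTERNS = re.compile(r"<script|javascript:|onerror\s*=|onload\s*=", re.IGNORECASE)

# Combined log format: client ident user [time] "METHOD URI PROTO" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic): a single-encoded payload, a double-encoded
# payload, a benign plugin request, and a benign search containing the substring "onload".
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2023:10:00:02 +0000] "GET /?s=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Jan/2023:10:00:03 +0000] "GET /wp-content/plugins/wp-slimstat/readme.txt HTTP/1.1" 200 1024',
    '198.51.100.4 - - [10/Jan/2023:10:00:04 +0000] "GET /?s=download+manager HTTP/1.1" 200 2048',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly until stable, so %253C -> %3C -> < is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_hits(log_lines):
    """Return (client_ip, path, param_name, decoded_value) for each parameter matching an indicator."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m.group("uri"))
        # parse_qsl performs one decode; fully_decode handles any further encoding layers.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)
            if XSS_PATTERNS.search(value):
                hits.append((m.group("ip"), parts.path, name, value))
    return hits


if __name__ == "__main__":
    for ip, path, name, value in find_xss_hits(SAMPLE_LOG):
        print(f"{ip} {path} param={name!r} payload={value!r}")
```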
