Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-5231	WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter	veronalabs	WP Statistics – Simple, privacy-friendly Google Analytics alternative	High	7.2	2026-04-17 01:24:38	Deep Dive
CVE-2026-3488	WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation	veronalabs	WP Statistics – Simple, privacy-friendly Google Analytics alternative	Medium	6.5	2026-04-17 01:24:38	Deep Dive
CVE-2026-1238	SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'	veronalabs	SlimStat Analytics	High	7.2	2026-03-19 04:27:30	Deep Dive
CVE-2026-28136	WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability	VeronaLabs	WP SMS	-	-	2026-02-26 08:33:37	Deep Dive
CVE-2025-69323	WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability	VeronaLabs	Slimstat Analytics	-	-	2026-02-20 15:46:49	Deep Dive
CVE-2026-25343	WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability	VeronaLabs	WP SMS	-	-	2026-02-19 08:26:59	Deep Dive
CVE-2025-13431	SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter	veronalabs	SlimStat Analytics	Medium	6.5	2026-02-11 01:23:35	Deep Dive
CVE-2025-15055	SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters	veronalabs	SlimStat Analytics	High	7.2	2026-01-09 06:34:56	Deep Dive
CVE-2025-15057	SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter	veronalabs	SlimStat Analytics	High	7.2	2026-01-09 06:34:55	Deep Dive
CVE-2025-14151	SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting	veronalabs	SlimStat Analytics	High	7.2	2025-12-19 08:23:41	Deep Dive
CVE-2025-62006	WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability	VeronaLabs	WP SMS	Medium	5.4	2025-10-22 14:32:48	Deep Dive
CVE-2025-9816	WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header	veronalabs	WP Statistics – Simple, privacy-friendly Google Analytics alternative	High	7.2	2025-09-27 04:26:58	Deep Dive
CVE-2025-55716	WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability	VeronaLabs	WP Statistics	Medium	4.3	2025-08-14 18:21:24	Deep Dive
CVE-2025-3953	WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update	veronalabs	WP Statistics – Simple, privacy-friendly Google Analytics alternative	Medium	5.4	2025-04-30 05:23:09	Deep Dive
CVE-2023-33994	WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability	VeronaLabs	Slimstat Analytics	中危	-	2024-12-13 14:23:31	Deep Dive
CVE-2024-43331	WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability	VeronaLabs	WP SMS	Medium	5.3	2024-08-22 11:29:45	Deep Dive
CVE-2024-34811	WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability	VeronaLabs	WP SMS	Medium	5.9	2024-05-13 08:36:02	Deep Dive
CVE-2024-30454	WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability	VeronaLabs	WP SMS	Medium	4.3	2024-03-29 16:30:15	Deep Dive
CVE-2024-25920	WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability	VeronaLabs	WP SMS	Medium	6.5	2024-03-27 05:45:44	Deep Dive
CVE-2024-24881	WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS)	VeronaLabs	WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc	High	7.1	2024-02-08 11:19:22	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List