Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

veronalabs — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting veronalabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by veronalabs:SlimStat AnalyticsWP SMSWP Statistics – Simple, privacy-friendly Google Analytics alternativeWP StatisticsWP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etcWSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2026-5231 WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-79 7.2 High2026-04-17
CVE-2026-3488 WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-862 6.5 Medium2026-04-17
CVE-2026-1238 SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' — SlimStat AnalyticsCWE-79 7.2 High2026-03-19
CVE-2026-28136 WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability — WP SMSCWE-89 9.8AICriticalAI2026-02-26
CVE-2025-69323 WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability — Slimstat AnalyticsCWE-79 6.1AIMediumAI2026-02-20
CVE-2026-25343 WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79 6.1AIMediumAI2026-02-19
CVE-2025-13431 SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter — SlimStat AnalyticsCWE-89 6.5 Medium2026-02-11
CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters — SlimStat AnalyticsCWE-79 7.2 High2026-01-09
CVE-2025-15057 SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter — SlimStat AnalyticsCWE-79 7.2 High2026-01-09
CVE-2025-14151 SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79 7.2 High2025-12-19
CVE-2025-62006 WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability — WP SMSCWE-862 5.4 Medium2025-10-22
CVE-2025-9816 WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-79 7.2 High2025-09-27
CVE-2025-55716 WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability — WP StatisticsCWE-862 4.3 Medium2025-08-14
CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-862 5.4 Medium2025-04-30
CVE-2023-33994 WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability — Slimstat AnalyticsCWE-862 8.2 -2024-12-13
CVE-2024-9548 Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79 7.2 High2024-10-14
CVE-2024-43331 WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability — WP SMSCWE-862 5.3 Medium2024-08-22
CVE-2024-34811 WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79 5.9 Medium2024-05-13
CVE-2024-30454 WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability — WP SMSCWE-352 4.3 Medium2024-03-29
CVE-2024-25920 WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79 6.5 Medium2024-03-27
CVE-2024-2194 WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-79 7.2 High2024-03-13
CVE-2024-24881 WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) — WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etcCWE-79 7.1 High2024-02-08
CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79 6.4 Medium2024-02-02
CVE-2023-6980 WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion — WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerceCWE-352 4.3 Medium2024-01-03
CVE-2023-6981 WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting — WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerceCWE-89 6.1 Medium2024-01-03
CVE-2023-27447 WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure — WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etcCWE-200 5.3 Medium2023-12-28
CVE-2023-4598 Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode — SlimStat AnalyticsCWE-89 8.8 High2023-10-20
CVE-2023-32742 WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS) — WP SMSCWE-79 7.1 High2023-08-30
CVE-2023-4597 Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — SlimStat AnalyticsCWE-79 6.4 Medium2023-08-30
CVE-2022-38074 WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection — WP StatisticsCWE-89 9.9 Critical2023-03-13

This page lists every published CVE security advisory associated with veronalabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.