Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection.

This issue affects Slimstat Analytics: from n/a through 5.4.11.
Published: 2026-06-17
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of special elements is leveraged in this vulnerability, allowing a blind SQL injection attack that grants an attacker unauthorized access to the database. The resulting unauthorized data retrieval can lead to disclosure of sensitive information and potentially pave the way for further exploitation within the application.

Affected Systems

The VeronaLabs Slimstat Analytics plugin for WordPress, versions up through and including 5.4.11, is affected. No further version details are provided in the CNA data.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity level, while the EPSS score is not available, leaving the exact likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely documented as a known exploit. Based on the typical exposure of WordPress plugins, the likely attack vector is remote via the plugin’s web interface, but the CVE description does not specify authentication requirements, so this detail is inferred rather than confirmed.

Generated by OpenCVE AI on June 18, 2026 at 13:50 UTC.

Remediation

Vendor Solution

Update the WordPress Slimstat Analytics Plugin to the latest available version (at least 5.4.12).


OpenCVE Recommended Actions

  • Apply the vendor‑recommended patch by upgrading Slimstat Analytics to version 5.4.12 or later.
  • Reconfigure the plugin’s database user to restrict privileges to only the tables that the plugin requires; avoid granting broad SELECT or UPDATE rights that could be abused if an injection occurs.
  • If the analytics functionality is not essential, temporarily deactivate or uninstall the plugin until a secure version is available.

Generated by OpenCVE AI on June 18, 2026 at 13:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Veronalabs
Veronalabs slimstat Analytics
Wordpress
Wordpress wordpress
Vendors & Products Veronalabs
Veronalabs slimstat Analytics
Wordpress
Wordpress wordpress
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11.
Title WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Subscriptions

Veronalabs Slimstat Analytics
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:28:06.250Z

Reserved: 2026-06-16T09:21:46.612Z

Link: CVE-2026-54818

cve-icon Vulnrichment

Updated: 2026-06-17T14:14:09.791Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T14:00:16Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')