Impact
Improper neutralization of special elements is leveraged in this vulnerability, allowing a blind SQL injection attack that grants an attacker unauthorized access to the database. The resulting unauthorized data retrieval can lead to disclosure of sensitive information and potentially pave the way for further exploitation within the application.
Affected Systems
The VeronaLabs Slimstat Analytics plugin for WordPress, versions up through and including 5.4.11, is affected. No further version details are provided in the CNA data.
Risk and Exploitability
The CVSS score of 8.5 indicates a high severity level, while the EPSS score is not available, leaving the exact likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely documented as a known exploit. Based on the typical exposure of WordPress plugins, the likely attack vector is remote via the plugin’s web interface, but the CVE description does not specify authentication requirements, so this detail is inferred rather than confirmed.
OpenCVE Enrichment