{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/slimstat-analytics-plugin--5.4.11/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-7634"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["SlimStat Analytics plugin \u003c= 5.4.11"],"_cs_severities":["medium"],"_cs_tags":["cve","xss","wordpress"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe SlimStat Analytics plugin for WordPress is susceptible to a stored cross-site scripting (XSS) vulnerability, identified as CVE-2026-7634. This flaw resides in versions up to and including 5.4.11. It stems from inadequate input sanitization and output escaping applied to the \u0026lsquo;User-Agent\u0026rsquo; header. An unauthenticated attacker can exploit this vulnerability to inject malicious web scripts into pages. For the injected script to execute, the \u0026lsquo;show_complete_user_agent_tooltip\u0026rsquo; setting must be explicitly enabled within the plugin\u0026rsquo;s configuration by an administrator; this setting is disabled by default.\nThe successful exploitation of this vulnerability allows attackers to execute arbitrary JavaScript code in the context of a user\u0026rsquo;s browser when they access a page containing the injected payload.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious HTTP request with a User-Agent header containing a JavaScript payload.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the HTTP request to a WordPress site running the vulnerable SlimStat Analytics plugin.\u003c/li\u003e\n\u003cli\u003eThe SlimStat Analytics plugin logs the malicious User-Agent string in the database without proper sanitization.\u003c/li\u003e\n\u003cli\u003eAn administrator enables the \u0026lsquo;show_complete_user_agent_tooltip\u0026rsquo; setting in the SlimStat Analytics plugin configuration.\u003c/li\u003e\n\u003cli\u003eA user visits a page where the User-Agent information is displayed via the tooltip.\u003c/li\u003e\n\u003cli\u003eThe stored XSS payload is rendered in the user\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript code executes within the user\u0026rsquo;s browser session.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as stealing cookies, redirecting the user, or defacing the website.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this stored XSS vulnerability (CVE-2026-7634) allows an unauthenticated attacker to execute arbitrary JavaScript code in the context of a user\u0026rsquo;s browser. This can lead to session hijacking, defacement of the WordPress site, or redirection to malicious sites. The stored payload only renders once an administrator has enabled the \u0026lsquo;show_complete_user_agent_tooltip\u0026rsquo; option, so sites with this setting enabled are the ones exposed.\nWhile the base score is 7.2, the impact can be significant depending on the privileges of the compromised user.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the SlimStat Analytics plugin to the latest version, which contains a fix for CVE-2026-7634.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SlimStat User-Agent Header XSS Attempt\u003c/code\u003e to identify attempts to inject malicious JavaScript in the User-Agent header.\u003c/li\u003e\n\u003cli\u003eReview the configuration of the SlimStat Analytics plugin and ensure that the \u003ccode\u003eshow_complete_user_agent_tooltip\u003c/code\u003e setting is disabled if not needed.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T08:19:11Z","date_published":"2026-05-28T08:19:11Z","id":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-slimstat-xss/","summary":"The SlimStat Analytics plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via the User-Agent header, allowing unauthenticated attackers to inject arbitrary web scripts if the 'show_complete_user_agent_tooltip' setting is enabled.","title":"WordPress SlimStat Analytics Plugin Stored XSS Vulnerability (CVE-2026-7634)","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-slimstat-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — SlimStat Analytics Plugin \u003c= 5.4.11","version":"https://jsonfeed.org/version/1.1"}