Slimstat WordPress plugin found to be affected by XSS vulnerability
- Versions prior to 4.8.1 of the Slimstat plugin are affected by the XSS vulnerability.
About Slimstat plugin
The Slimstat plugin allows the owner to gather analytics data for a WordPress website. It helps the owner keep track of information such as visitors' browser and operating system details. The plugin also monitors the pages visited by outsiders to optimize the website analytics.
What is the flaw?
Versions prior to 4.8.1 of the Slimstat plugin are affected by the XSS vulnerability.
Once attackers gain control of the access log, they can see the details of the users accessing the website. The details include IP address, operating system, browser, and other installed plugins.
“These are found by an analytics client-side script which fingerprints the client information and then performs a request to the plugin while giving out its own properties,” added the researchers.
How to stay safe?
Those using the vulnerable versions of the plugin have been instructed to update their systems as soon as possible.
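To find installs that still need the update, the following check reads the plugin header and compares it against 4.8.1. It is an added example, not code from the Slimstat project or the researchers; the plugin path `wp-content/plugins/wp-slimstat/wp-slimstat.php` is an assumption about the install layout, and the function names are illustrative.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 8, 1)  # first fixed release named in the article
# Assumption: plugin slug and main file name; adjust to match your install.
PLUGIN_FILE = Path("wp-content/plugins/wp-slimstat/wp-slimstat.php")

# Matches a WordPress plugin header line such as " * Version: 4.8.0"
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = HEADER_RE.search(text[:8192])  # WordPress only reads the first 8 KB
    if not m:
        return None
    parts = re.findall(r"\d+", m.group(1).split("-")[0])  # drop "-beta" etc.
    return tuple(int(p) for p in parts) if parts else None

def is_vulnerable(version):
    """True if version < 4.8.1. Unknown versions are flagged for review."""
    if version is None:
        return True
    width = max(len(version), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))  # so 4.8 compares as 4.8.0
    return pad(version) < pad(FIXED)

def audit(webroot):
    """Return 'not installed', 'vulnerable' or 'ok' for one WordPress root."""
    path = Path(webroot) / PLUGIN_FILE
    if not path.is_file():
        return "not installed"
    version = parse_version(path.read_text(errors="replace"))
    return "vulnerable" if is_vulnerable(version) else "ok"

if __name__ == "__main__":
    # Usage: python check_slimstat.py /var/www/site1 /var/www/site2 ...
    results = {root: audit(root) for root in sys.argv[1:]}
    for root, status in results.items():
        print(f"{root}: {status}")
    sys.exit(1 if "vulnerable" in results.values() else 0)
```

A missing or unparseable version header is reported as vulnerable so that the install gets a manual look instead of being silently passed.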