SlimStat Analytics Security & Risk Analysis

wordpress.org/plugins/wp-slimstat

The leading web analytics plugin for WordPress

80K active installs · v5.4.9 · PHP 7.4+ · WP 5.6+ · Updated Apr 3, 2026
Tags: analytics, geolocation, reports, statistics, tracking
Security score: 88 (A · Safe)
CVEs total: 24
Unpatched: 0
Last CVE: Mar 18, 2026
Safety Verdict

Is SlimStat Analytics Safe to Use in 2026?

Generally Safe

Score 88/100

SlimStat Analytics has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

24 known CVEs · Last CVE: Mar 18, 2026 · Updated 1mo ago
Risk Assessment

The static analysis summarized below was run against WP-Slimstat v5.4.3 (analyzed Mar 16, 2026); the listing at the top of this page reflects the current release, v5.4.9 of Apr 3, 2026. The picture is mixed. On the positive side, database access is handled well: 191 of 197 queries (97%) go through prepared statements, 560 of 674 outputs (83%) are escaped, and the scanner counted 25 nonce checks and 28 capability checks, so the standard WordPress controls are in use.

The concerns come from the attack surface and the taint results. 7 of the 19 entry points (AJAX handlers, REST routes and one shortcode) carry no authentication check, and the taint analysis reports 14 of 20 data flows with an unsanitized path, 7 of them rated high. Two caveats apply when reading those numbers. First, a visitor-tracking plugin must accept unauthenticated input: the nopriv `slimtrack` AJAX handler and the `POST /wp-json/slimstat/v1/hit` route are public by design, and the risk lives in what happens to that input afterwards, which is exactly where the stored-XSS history sits. Second, all 42 "dangerous function" hits are in vendored code under `src\Dependencies` (BrowscapPHP, MatthiasMullie\Scrapbook and Symfony Console). The `shell_exec` and `proc_open` calls belong to Symfony Console's interactive-terminal handling and pass constant `stty`/`echo` commands or the saved `stty -g` state (one passes a path variable `$exe`), not request data; the `assert` calls are boolean type checks, which PHP compiles out under the production default `zend.assertions=-1`, and none of them pass a string, so there is no `eval` path. The one sink worth a look is `unserialize` on cache contents (BrowscapCache.php:137 and the Scrapbook adapters): it is only reachable by an attacker who can already write to the cache store, but it is the classic PHP object-injection primitive, and `unserialize($v, ['allowed_classes' => false])` or a JSON encoding removes it. The dangerous-function list therefore should not be read as "combined with unsanitized input"; the taint findings are a separate result.

The vulnerability history is the other half of the picture: 24 published advisories, all patched, with the most recent (CVE-2026-1238, unauthenticated stored XSS via the 'fh' parameter) disclosed Mar 18, 2026 and fixed in 5.4.0 one day later. The pattern matters more than the count. Five advisories arrived in the first quarter of 2026, three of them unauthenticated stored XSS in visitor-supplied fields, and the 'fh' parameter was fixed twice (5.3.4 for CVE-2025-15057, then 5.4.0 for CVE-2026-1238), which suggests the first fix was incomplete or bypassed. Together with the earlier SQL injection via shortcode attributes (CVE-2023-0630, CVE-2023-4598) and the missing-authorization and CSRF entries, the history points at two recurring gaps, escaping of stored visitor data on output and authorization on authenticated entry points, that match the taint and attack-surface findings. The current version has no unpatched advisory, but a site running it should apply plugin updates without delay, and anyone reviewing the code should treat every report that renders visitor-supplied strings as a stored-XSS sink.
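The two weakness classes that recur in the advisory list, SQL assembled from shortcode attributes (CVE-2023-0630, CVE-2023-4598) and visitor-supplied strings rendered raw into a report (the stored-XSS entries), shown as a vulnerable shortcode handler beside its hardened form. This is an added example, not code from the plugin; it assumes WordPress is loaded (every function used is WordPress core), and the shortcode, table and column names prefixed `example_` are hypothetical.

```php
<?php
// Added example, not code from the plugin. Assumes WordPress is loaded; the
// shortcode, table and column names prefixed example_ are hypothetical.

// --- Vulnerable shape -----------------------------------------------------
// Anyone who can write a post (Contributor+) controls sort= and limit=, and
// both land in the SQL string; the resource column holds whatever a visitor
// sent and is echoed unescaped.
add_shortcode('example_top_pages_vuln', function ($atts): string {
    global $wpdb;
    $atts  = (array) $atts;                 // WordPress passes '' when there are no attributes
    $sort  = $atts['sort']  ?? 'hits';
    $limit = $atts['limit'] ?? '10';
    $rows  = $wpdb->get_results(
        "SELECT resource, hits FROM {$wpdb->prefix}example_pages ORDER BY $sort DESC LIMIT $limit",
        ARRAY_A
    );
    $out = '<ul>';
    foreach ((array) $rows as $r) {
        $out .= "<li>{$r['resource']} ({$r['hits']})</li>";   // stored XSS sink
    }
    return $out . '</ul>';
});

// --- Hardened shape -------------------------------------------------------
add_shortcode('example_top_pages', function ($atts): string {
    global $wpdb;
    $atts = shortcode_atts(['sort' => 'hits', 'limit' => 10], $atts, 'example_top_pages');

    // Identifiers cannot be bound by prepare(); allow-list them instead.
    $columns = ['hits' => 'hits', 'resource' => 'resource'];
    $sort    = $columns[sanitize_key((string) $atts['sort'])] ?? 'hits';

    // Values are bound. absint() forces a non-negative integer and the clamp
    // stops limit=1000000 from dumping the table.
    $limit = min(max(absint($atts['limit']), 1), 100);

    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT resource, hits FROM {$wpdb->prefix}example_pages ORDER BY $sort DESC LIMIT %d",
            $limit
        ),
        ARRAY_A
    );

    // Escape at the point of output, for the context the value lands in.
    // Escaping on the way in would leave every other report that reads the
    // same column exposed, which is one way a parameter that was patched once
    // ends up with a second advisory.
    $out = '<ul>';
    foreach ((array) $rows as $r) {
        $out .= sprintf(
            '<li><a href="%s">%s</a> (%d)</li>',
            esc_url($r['resource']),
            esc_html($r['resource']),
            (int) $r['hits']
        );
    }
    return $out . '</ul>';
});
```

The allow-list for `ORDER BY` is the part most often missed: `$wpdb->prepare()` only binds values, so a column name from a shortcode attribute has to be matched against a fixed set before it is interpolated.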

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity taint flows
  • Flows with unsanitized paths
  • Dangerous functions used
  • Large attack surface without auth
  • High historical vulnerability count
  • Historical SQL Injection vulnerabilities
  • Historical Missing Authorization vulnerabilities
  • Historical CSRF vulnerabilities
  • Historical XSS vulnerabilities
Vulnerabilities
24 published

SlimStat Analytics Security Vulnerabilities

CVEs by Year

2015: 4 · 2019: 2 · 2022: 2 · 2023: 8 · 2024: 2 · 2025: 1 · 2026: 5

Severity Breakdown

High: 12
Medium: 12

24 total CVEs

Each entry: identifier · severity · score · weakness class, then the advisory title, then the advisory date · fix release (day count).

CVE-2026-1238 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'
Mar 18, 2026 · Patched in 5.4.0 (1d)

CVE-2025-13431 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter
Feb 10, 2026 · Patched in 5.3.2 (1d)

CVE-2025-69323 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 5.3.2 - Reflected Cross-Site Scripting
Jan 27, 2026 · Patched in 5.3.3 (7d)

CVE-2025-15057 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter
Jan 8, 2026 · Patched in 5.3.4 (1d)

CVE-2025-15055 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters
Jan 8, 2026 · Patched in 5.3.5 (1d)

CVE-2025-14151 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting
Dec 18, 2025 · Patched in 5.3.3 (18d)

CVE-2024-9548 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting
Oct 14, 2024 · Patched in 5.2.7 (1d)

CVE-2024-1073 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Feb 1, 2024 · Patched in 5.1.4 (2d)

CVE-2023-4598 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode
Sep 11, 2023 · Patched in 5.0.10 (134d)

CVE-2023-4597 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Aug 28, 2023 · Patched in 5.0.10 (148d)

CVE-2023-40676 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Aug 22, 2023 · Patched in 5.0.9 (154d)

CVE-2023-33994 · medium · 4.3 · Missing Authorization
Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview
Aug 22, 2023 · Patched in 5.0.6 (154d)

CVE-2022-45373 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection
May 11, 2023 · Patched in 5.0.5 (257d)

CVE-2022-45366 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting
May 11, 2023 · Patched in 5.0.5 (257d)

WF-af075ffe-553a-4351-a696-5c678788f3b9-wp-slimstat · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
Mar 30, 2023 · Patched in 4.9.3.4 (299d)

CVE-2023-0630 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Feb 23, 2023 · Patched in 4.9.3.3 (334d)

CVE-2022-4310 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting
Dec 19, 2022 · Patched in 4.9.3 (400d)

WF-9933ca13-32fd-4481-a18f-21e9a11c423c-wp-slimstat · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI
Dec 12, 2022 · Patched in 4.9.3 (407d)

WF-f87e78c5-e7f4-4af6-b64f-444fef23e890-wp-slimstat · high · 8.8 · Cross-Site Request Forgery (CSRF)
Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
May 22, 2019 · Patched in 4.8.4 (1707d)

CVE-2019-15112 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors
May 21, 2019 · Patched in 4.8.1 (1708d)

CVE-2015-9273 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting
Jul 22, 2015 · Patched in 4.1.6.1 (3107d)

WF-e2c11005-dcb3-40b3-863a-0612132acb08-wp-slimstat · high · 8.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection
Feb 24, 2015 · Patched in 3.9.6 (3255d)

CVE-2014-100027 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting
Jan 13, 2015 · Patched in 3.5.6 (3297d)

CVE-2015-1204 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Slimstat Analytics <= 3.9.2 - Cross-Site Scripting
Jan 6, 2015 · Patched in 3.9.3 (3304d)

Note on the day counts: for every advisory dated before 2024 the count in parentheses runs from the advisory date to the same day, Jan 23, 2024 (Jan 6, 2015 + 3304d, Dec 19, 2022 + 400d and Sep 11, 2023 + 134d all land there), so those values are not disclosure-to-patch intervals. Only the 2024-2026 entries (1d to 18d) measure the fix turnaround for this plugin.
Version History

SlimStat Analytics Release Timeline

Code Analysis
Analyzed Mar 16, 2026

SlimStat Analytics Code Analysis

Dangerous Functions: 42
Raw SQL Queries: 6 (191 prepared)
Unescaped Output: 114 (560 escaped)
Nonce Checks: 25
Capability Checks: 28
File Operations: 94
External Requests: 10
Bundled Libraries: 1

Dangerous Functions Found

Function | Snippet | Location
assert | assert($cachedVersion === null || is_int($cachedVersion)); | src\Dependencies\BrowscapPHP\BrowscapUpdater.php:102
assert | assert($response instanceof ResponseInterface); | src\Dependencies\BrowscapPHP\BrowscapUpdater.php:131
assert | assert($response instanceof ResponseInterface); | src\Dependencies\BrowscapPHP\BrowscapUpdater.php:191
assert | assert($cachedVersion === null || is_int($cachedVersion)); | src\Dependencies\BrowscapPHP\BrowscapUpdater.php:231
assert | assert($response instanceof ResponseInterface); | src\Dependencies\BrowscapPHP\BrowscapUpdater.php:239
assert | assert($cachedVersion === null || is_int($cachedVersion)); | src\Dependencies\BrowscapPHP\Cache\BrowscapCache.php:64
assert | assert($releaseDate === null || is_string($releaseDate)); | src\Dependencies\BrowscapPHP\Cache\BrowscapCache.php:86
assert | assert($type === null || is_string($type)); | src\Dependencies\BrowscapPHP\Cache\BrowscapCache.php:108
unserialize | return unserialize($data['content']); | src\Dependencies\BrowscapPHP\Cache\BrowscapCache.php:137
assert | assert(is_string($cacheOption)); | src\Dependencies\BrowscapPHP\Command\CheckUpdateCommand.php:62
assert | assert(is_string($cacheOption)); | src\Dependencies\BrowscapPHP\Command\ConvertCommand.php:60
assert | assert(is_string($file)); | src\Dependencies\BrowscapPHP\Command\ConvertCommand.php:68
assert | assert(is_string($cacheOption)); | src\Dependencies\BrowscapPHP\Command\FetchCommand.php:59
assert | assert(is_string($file)); | src\Dependencies\BrowscapPHP\Command\FetchCommand.php:64
assert | assert(is_string($remoteFileOption)); | src\Dependencies\BrowscapPHP\Command\FetchCommand.php:75
assert | assert(is_string($cacheOption)); | src\Dependencies\BrowscapPHP\Command\ParserCommand.php:58
assert | assert(is_string($uaArgument)); | src\Dependencies\BrowscapPHP\Command\ParserCommand.php:64
assert | assert(is_string($cacheOption)); | src\Dependencies\BrowscapPHP\Command\UpdateCommand.php:57
assert | assert(is_string($remoteFileOption)); | src\Dependencies\BrowscapPHP\Command\UpdateCommand.php:64
assert | assert(is_callable($memoryProcessor)); | src\Dependencies\BrowscapPHP\Helper\LoggerHelper.php:33
assert | assert(is_callable($peakMemoryProcessor)); | src\Dependencies\BrowscapPHP\Helper\LoggerHelper.php:36
assert | assert(is_array($return)); | src\Dependencies\BrowscapPHP\Parser\Helper\GetData.php:138
unserialize | $unserialized = @unserialize($value); | src\Dependencies\MatthiasMullie\Scrapbook\Adapters\Couchbase.php:646
unserialize | $value = unserialize($data[1]); | src\Dependencies\MatthiasMullie\Scrapbook\Adapters\Flysystem.php:52
unserialize | return unserialize($value); | src\Dependencies\MatthiasMullie\Scrapbook\Adapters\MemoryStore.php:61
unserialize | return unserialize($value); | src\Dependencies\MatthiasMullie\Scrapbook\Adapters\SQL.php:362
shell_exec | $sttyMode = shell_exec('stty -g'); | src\Dependencies\Symfony\Component\Console\Application.php:841
shell_exec | shell_exec('stty ' . $sttyMode); | src\Dependencies\Symfony\Component\Console\Application.php:844
proc_open | $isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/… | src\Dependencies\Symfony\Component\Console\Cursor.php:154
shell_exec | $sttyMode = shell_exec('stty -g'); | src\Dependencies\Symfony\Component\Console\Cursor.php:159
shell_exec | shell_exec('stty -icanon -echo'); | src\Dependencies\Symfony\Component\Console\Cursor.php:160
shell_exec | shell_exec(sprintf('stty %s', $sttyMode)); | src\Dependencies\Symfony\Component\Console\Cursor.php:163
shell_exec | $sttyMode = shell_exec('stty -g'); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:216
shell_exec | shell_exec('stty -icanon -echo'); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:221
shell_exec | shell_exec('stty ' . $sttyMode); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:233
shell_exec | shell_exec('stty ' . $sttyMode); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:318
shell_exec | $sExec = shell_exec('"' . $exe . '"'); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:351
shell_exec | $sttyMode = shell_exec('stty -g'); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:360
shell_exec | shell_exec('stty -echo'); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:361
shell_exec | shell_exec('stty ' . $sttyMode); | src\Dependencies\Symfony\Component\Console\Helper\QuestionHelper.php:367
shell_exec | return self::$stty = (bool) shell_exec('stty 2> ' . ('\\' === \DIRECTORY_SEPARATOR ? 'NUL' : '/dev/n… | src\Dependencies\Symfony\Component\Console\Terminal.php:62
proc_open | if (!$process = @proc_open($command, $descriptorspec, $pipes, null, null, ['suppress_errors' => true… | src\Dependencies\Symfony\Component\Console\Terminal.php:137

Bundled Libraries

Guzzle (the only library the scanner identified; the `src\Dependencies` paths in the table above show that BrowscapPHP, MatthiasMullie\Scrapbook and Symfony Console are vendored as well, so the bundled-library count of 1 understates the third-party code shipped with the plugin)

SQL Query Safety

97% prepared (191 of 197 queries; 6 raw)

Output Escaping

83% escaped (560 of 674 outputs; 114 unescaped)
Data Flows · Security
14 unsanitized

Data Flow Analysis

20 flows, 14 with unsanitized paths
Named flow: show_message (admin\index.php:1487)
Attack Surface
7 unprotected

SlimStat Analytics Attack Surface

Entry Points: 19
Unprotected: 7

AJAX Handlers 13

Hook | Action | Location
(nopriv = registered on the wp_ajax_nopriv_ hook, reachable without login; auth = registered on the wp_ajax_ hook, any logged-in user, no capability implied)
auth | wp_ajax_slimstat_load_report | admin\index.php:236
auth | wp_ajax_slimstat_run_migrations | src\Migration\Admin\MigrationAdmin.php:26
auth | wp_ajax_slimstat_migration_dismiss | src\Migration\Admin\MigrationAdmin.php:27
auth | wp_ajax_slimstat_migration_reset | src\Migration\Admin\MigrationAdmin.php:28
auth | wp_ajax_slimstat_get_live_analytics_data | src\Reports\Types\Analytics\LiveAnalyticsReport.php:474
auth | wp_ajax_slimstat_consent_revoked | src\Services\Privacy\ConsentHandler.php:67
nopriv | wp_ajax_slimstat_consent_revoked | src\Services\Privacy\ConsentHandler.php:68
auth | wp_ajax_slimstat_gdpr_consent | src\Services\Privacy\ConsentHandler.php:70
nopriv | wp_ajax_slimstat_gdpr_consent | src\Services\Privacy\ConsentHandler.php:71
nopriv | wp_ajax_slimtrack | wp-slimstat.php:1682
auth | wp_ajax_slimtrack | wp-slimstat.php:1683
auth | wp_ajax_slimstat_fetch_chart_data | wp-slimstat.php:1702
auth | wp_ajax_slimstat_clear_cache | wp-slimstat.php:1705

REST API Routes 5

Method | Route | Location
POST | /wp-json/slimstat/v1/consent-change | src\Controllers\Rest\ConsentChangeRestController.php:42
GET | /wp-json/slimstat/v1/consent-health | src\Controllers\Rest\ConsentHealthRestController.php:25
POST | /wp-json/slimstat/v1/gdpr/consent | src\Controllers\Rest\GDPRBannerRestController.php:32
POST | /wp-json/slimstat/v1/hit | src\Controllers\Rest\TrackingRestController.php:34
GET | /wp-json/slimstat/v1/get | wp-slimstat.php:796
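What the auth/nopriv labels in the AJAX table and the "lacking authentication checks" finding in the Risk Assessment mean in code: the three shapes an AJAX entry point can take, and the REST equivalent with a real `permission_callback`. This is an added example, not the plugin's code; it assumes WordPress is loaded (the hooks and functions are WordPress core), and the action, route and table names prefixed `example_` are hypothetical.

```php
<?php
// Added example, not code from the plugin. Assumes WordPress is loaded; the
// action, route and table names prefixed example_ are hypothetical.

// 1. nopriv + auth: reachable by anyone. A hit-tracking endpoint has to be
//    public, so authentication is not the control; bounded, typed input on the
//    way in and escaping on the way out (in the reports) are.
add_action('wp_ajax_nopriv_example_track', 'example_track');
add_action('wp_ajax_example_track', 'example_track');
function example_track(): void
{
    $resource = substr(sanitize_text_field(wp_unslash($_POST['resource'] ?? '')), 0, 2048);
    wp_send_json_success(['id' => example_store_hit($resource)]);
}

// 2. auth only: wp_ajax_ without a nopriv twin. WordPress requires a logged-in
//    user, but any role passes, which is the "Authenticated (Subscriber+)"
//    precondition in CVE-2025-13431 and CVE-2023-0630. With no nonce it is also
//    reachable cross-site from a logged-in victim's browser.
add_action('wp_ajax_example_report_weak', function (): void {
    wp_send_json_success(example_report_rows());
});

// 3. Protected: nonce for CSRF, capability for authorization. Both are needed;
//    the nonce proves the request came from a page this user loaded, not that
//    the user may read analytics.
add_action('wp_ajax_example_report', function (): void {
    check_ajax_referer('example_report', 'nonce');   // sends 403 and stops on failure
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }
    wp_send_json_success(example_report_rows());
});

// REST: permission_callback is where (2) and (3) differ. '__return_true' would
// make the route as open as a nopriv handler; a capability check closes it.
// For cookie sessions core only honours the login when the request carries a
// valid X-WP-Nonce (action 'wp_rest'), so the callback also blocks CSRF.
add_action('rest_api_init', function (): void {
    register_rest_route('example/v1', '/report', [
        'methods'             => 'GET',
        'callback'            => fn(WP_REST_Request $req) => rest_ensure_response(example_report_rows()),
        'permission_callback' => fn() => current_user_can('manage_options'),
    ]);
});

function example_store_hit(string $resource): int
{
    global $wpdb;
    $wpdb->insert($wpdb->prefix . 'example_hits', ['resource' => $resource, 'hits' => 1], ['%s', '%d']);
    return (int) $wpdb->insert_id;
}

function example_report_rows(): array
{
    global $wpdb;
    // Bound LIMIT; nothing from the request reaches this query.
    $rows = $wpdb->get_results(
        $wpdb->prepare("SELECT resource, hits FROM {$wpdb->prefix}example_hits ORDER BY hits DESC LIMIT %d", 20),
        ARRAY_A
    );
    return $rows ?: [];
}
```

When triaging the 7 unprotected entry points the scanner counted, the question for each is which shape it is: a nopriv tracking handler is shape 1 and is judged by its input handling and by the reports that later render what it stored; an auth handler without a nonce and capability check is shape 2 and is the pattern behind the Subscriber+ advisories.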

Shortcodes 1

[slimstat] · wp-slimstat.php:365

WordPress Hooks 61

Type | Hook | Location
action | admin_menu | admin\index.php:30
action | admin_post_slimstat_reset_layout | admin\index.php:38
action | wpmu_new_blog | admin\index.php:164
filter | wpmu_drop_tables | admin\index.php:168
action | admin_notices | admin\index.php:172
action | transition_comment_status | admin\index.php:178
action | admin_bar_menu | admin\index.php:183
action | admin_enqueue_scripts | admin\index.php:184
action | wp_enqueue_scripts | admin\index.php:185
action | admin_menu | admin\index.php:190
action | admin_enqueue_scripts | admin\index.php:204
action | wp | admin\index.php:205
action | admin_init | admin\index.php:211
action | admin_enqueue_scripts | admin\index.php:248
action | admin_enqueue_scripts | admin\index.php:249
action | wp_dashboard_setup | admin\index.php:252
action | admin_head | admin\index.php:372
filter | slimstat_report_header_buttons | admin\index.php:378
action | admin_notices | admin\index.php:394
filter | admin_body_class | admin\index.php:1054
action | admin_enqueue_scripts | admin\index.php:2364
filter | script_loader_tag | admin\index.php:2369
filter | script_loader_tag | admin\index.php:2395
action | admin_menu | src\Migration\Admin\MigrationAdmin.php:24
action | admin_notices | src\Migration\Admin\MigrationAdmin.php:25
filter | admin_body_class | src\Migration\Admin\MigrationAdmin.php:63
action | init | src\Migration\MigrationService.php:23
action | rest_api_init | src\Providers\RestApiManager.php:34
action | init | src\Providers\RestApiManager.php:35
action | template_redirect | src\Providers\RestApiManager.php:36
action | init | src\Reports\Bootstrap.php:186
action | slimstat_register_custom_reports | src\Reports\Bootstrap.php:189
filter | slimstat_reports_info | src\Reports\Registry\LegacyReportAdapter.php:63
action | wp_slimstat_reports_init | src\Reports\Registry\LegacyReportAdapter.php:69
action | admin_enqueue_scripts | src\Reports\Types\Analytics\LiveAnalyticsReport.php:478
action | admin_init | src\Services\Admin\Notification\NotificationManager.php:12
filter | wp_get_consent_type | src\Utils\Consent.php:99
action | login_init | wp-slimstat.php:292
action | login_enqueue_scripts | wp-slimstat.php:299
filter | script_loader_tag | wp-slimstat.php:302
action | wp_enqueue_scripts | wp-slimstat.php:308
action | login_enqueue_scripts | wp-slimstat.php:309
action | wp_footer | wp-slimstat.php:310
action | login_footer | wp-slimstat.php:311
filter | wp_privacy_personal_data_exporters | wp-slimstat.php:338
filter | wp_privacy_personal_data_erasers | wp-slimstat.php:339
action | admin_init | wp-slimstat.php:342
action | wp_slimstat_purge | wp-slimstat.php:348
action | wp_slimstat_generate_daily_salt | wp-slimstat.php:351
action | wp_slimstat_update_geoip_database | wp-slimstat.php:354
filter | allowed_http_origins | wp-slimstat.php:357
filter | wp_redirect_status | wp-slimstat.php:362
action | init | wp-slimstat.php:368
action | rest_api_init | wp-slimstat.php:371
action | init | wp-slimstat.php:376
action | template_redirect | wp-slimstat.php:700
action | init | wp-slimstat.php:701
filter | date_i8n | wp-slimstat.php:873
action | widgets_init | wp-slimstat.php:1694
action | init | wp-slimstat.php:1697
action | plugins_loaded | wp-slimstat.php:1700

Scheduled Events 4

wp_slimstat_update_geoip_database
wp_slimstat_purge
wp_slimstat_generate_daily_salt
wp_slimstat_update_geoip_database
Maintenance & Trust

SlimStat Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 3, 2026
PHP min version: 7.4
Downloads: 7.1M

Community Trust

Rating: 96/100
Number of ratings: 817
Active installs: 80K
Developer Profile

SlimStat Analytics Developer Profile

VeronaLabs

4 plugins · 688K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 908 days (this is a developer-wide figure; the per-advisory day counts shown for this plugin's advisories published before 2024 measure time to Jan 23, 2024 rather than time to the fix, so an average built from such values is not a release-cadence metric)
Detection Fingerprints

How We Detect SlimStat Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-slimstat/assets/css/slimstat-frontend.css
/wp-content/plugins/wp-slimstat/assets/css/slimstat-frontend-rtl.css
/wp-content/plugins/wp-slimstat/assets/js/slimstat-frontend.js
Script Paths
/wp-content/plugins/wp-slimstat/assets/js/slimstat-frontend.js
Version Parameters
wp-slimstat/assets/css/slimstat-frontend.css?ver=
wp-slimstat/assets/css/slimstat-frontend-rtl.css?ver=
wp-slimstat/assets/js/slimstat-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
slimstat-frontend
HTML Comments
<!-- SLIMSTAT START TRACKING -->
<!-- SLIMSTAT END TRACKING -->
JS Globals
window.slimstat
var slimstat_config
REST Endpoints
/wp-json/slimstat/v1/track (the route table in the Attack Surface section registers /wp-json/slimstat/v1/hit, not /track; confirm which path the installed version serves before relying on this as a fingerprint)
Shortcode Output
[slimstat_visits] [slimstat_pageviews] [slimstat_referrers] [slimstat_top_pages] (none of these appears in the shortcode table above, which lists only [slimstat], so treat them as secondary signals)
FAQ

Frequently Asked Questions about SlimStat Analytics