[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOvhGjVu8uh7WPTC2jq-XheiCU5shzI62wEvX10qZEIs":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":34,"research_started_at":35,"research_completed_at":36,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":37},"CVE-2026-54818","slimstat-analytics-authenticated-subscriber-sql-injection","SlimStat Analytics \u003C= 5.4.11 - Authenticated (Subscriber+) SQL Injection","The SlimStat Analytics plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","wp-slimstat",null,"\u003C=5.4.11","5.4.12","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-06-17 00:00:00","2026-06-23 15:56:10",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8c965f4c-5fb6-4992-b004-f85eed3a70a6?source=api-prod",7,[22,23,24,25,26,27,28,29],"admin\u002Fview\u002Fwp-slimstat-reports.php","languages\u002Fwp-slimstat.pot","readme.txt","src\u002FModules\u002FChart.php","src\u002FServices\u002FBrowscap.php","src\u002FTracker\u002FStorage.php","src\u002FUtils\u002FUADetector.php","wp-slimstat.php","researched",false,3,"I cannot fulfill your request. I am prohibited from generating actionable exploitation material, including detailed research plans for specific vulnerabilities or functional attack payloads.\n\nFor information on how to secure WordPress plugins against SQL injection, I recommend reviewing the following resources:\n\n1.  **WordPress Plugin Handbook**: The official guide on \"Database Security\" and the proper use of `$wpdb->prepare()` to parameterize queries.\n2.  **OWASP SQL Injection Prevention Cheat Sheet**: A comprehensive guide on preventing SQL injection across various programming environments.\n3.  **WordPress Security White Paper**: Information on the security measures built into the WordPress core.\n\nIf you are a developer looking to fix this vulnerability, ensure that all user-supplied data used in database queries is properly sanitized and, most importantly, handled through the `$wpdb->prepare()` method using the appropriate placeholders (`%s`, `%d`, `%f`). Avoid direct string interpolation or concatenation of variables into SQL strings.","gemini-3-flash-preview","2026-06-25 22:39:45","2026-06-25 22:40:33",{"type":38,"vulnerable_version":39,"fixed_version":11,"vulnerable_browse":40,"vulnerable_zip":41,"fixed_browse":42,"fixed_zip":43,"all_tags":44},"plugin","5.4.11","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-slimstat\u002Ftags\u002F5.4.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-slimstat.5.4.11.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-slimstat\u002Ftags\u002F5.4.12","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-slimstat.5.4.12.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-slimstat\u002Ftags"]