Replies: 1
Authenticated (Subscriber+) SQL Injection via Shortcode vulnerability is reported to be still existing in the current version:
https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-4-9-3-3-authenticated-subscriber-sql-injection-via-shortcode-vulnerability?_a_id=110
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-slimstat/slimstat-analytics-4932-authenticated-contributor-stored-cross-site-scripting-via-shortcode
It is said to be fixed with update to 4.9.4 but as the plugin is currently/temporary removed from projectdmc.org I dont see any option to update in the moment.
Is version 4.9.4 available anywhere else? And if not, any idea when the plugin will be re-established on projectdmc.org to get (automatic) updates to work again?
Cheers from Germany!
Armin
- This topic was modified 3 hours, 6 minutes ago by .