What is CVE-2026-1238 — XSS in SlimStat Analytics WordPress Plugin?

CVE-2026-1238 is a stored Cross-Site Scripting (XSS) vulnerability in the SlimStat Analytics WordPress plugin, allowing attackers to inject malicious scripts via the 'fh' parameter.

Am I affected by CVE-2026-1238 in SlimStat Analytics WordPress Plugin?

You are affected if you are using SlimStat Analytics WordPress plugin versions 0.0.0 through 5.3.5. Upgrade to 5.4.0 or later to mitigate the risk.

How do I fix CVE-2026-1238 in SlimStat Analytics WordPress Plugin?

Upgrade the SlimStat Analytics plugin to version 5.4.0 or later. Consider a WAF rule to block suspicious input in the 'fh' parameter as a temporary workaround.

Is CVE-2026-1238 being actively exploited?

As of now, there are no reports of active exploitation campaigns targeting CVE-2026-1238, but the vulnerability's ease of exploitation warrants caution.

Where can I find the official SlimStat Analytics advisory for CVE-2026-1238?

Refer to the SlimStat Analytics plugin documentation and website for the official advisory and update information.

CVE-2026-1238 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2026-1238 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / composer / npm:

grep -r 'fh=.*;' /var/www/html/wp-content/plugins/slimstat-analytics/*

• generic web:

curl -I 'https://your-wordpress-site.com/?fh=<script>alert(1)</script>' | grep 'Content-Type:'

• wordpress / composer / npm:

wp plugin list --status=active | grep slimstat-analytics

SlimStat Analytics <= 5.3.5 - Cross-Site Scripting (XSS) Armazenado Não Autenticado via 'fh'

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2026-1238 — XSS in SlimStat Analytics WordPress Plugin?

Am I affected by CVE-2026-1238 in SlimStat Analytics WordPress Plugin?

How do I fix CVE-2026-1238 in SlimStat Analytics WordPress Plugin?

Is CVE-2026-1238 being actively exploited?

Where can I find the official SlimStat Analytics advisory for CVE-2026-1238?

Informações do pacote

Seu projeto está afetado?

Detecte esta CVE no seu projeto