Title: Authenticated (Subscriber+) SQL Injection via Shortcode
Last modified: March 31, 2023

---

# Authenticated (Subscriber+) SQL Injection via Shortcode

 *  Resolved [armreu](https://wordpress.org/support/users/armreu/)
 * (@armreu)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/authenticated-subscriber-sql-injection-via-shortcode/)
 * The Authenticated (Subscriber+) SQL Injection via Shortcode vulnerability is reported
   to still exist in the current version:
 * [https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-4-9-3-3-authenticated-subscriber-sql-injection-via-shortcode-vulnerability?_a_id=110](https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-4-9-3-3-authenticated-subscriber-sql-injection-via-shortcode-vulnerability?_a_id=110)
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-slimstat/slimstat-analytics-4932-authenticated-contributor-stored-cross-site-scripting-via-shortcode](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-slimstat/slimstat-analytics-4932-authenticated-contributor-stored-cross-site-scripting-via-shortcode)
 * It is said to be fixed with the update to 4.9.4, but as the plugin is currently/temporarily
   removed from wordpress.org I don't see any option to update at the moment.
 * Is version 4.9.4 available anywhere else? And if not, any idea when the plugin
   will be re-established on wordpress.org to get (automatic) updates to work again?
 * Cheers from Germany!
 * Armin

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Mostafa Soufi](https://wordpress.org/support/users/mostafas1990/)
 * (@mostafas1990)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/authenticated-subscriber-sql-injection-via-shortcode/#post-16613223)
 * Hi Armin,
 * Thank you for opening the topic. You can update the plugin manually by downloading
   it through [https://wordpress.org/plugins/wp-slimstat/](https://wordpress.org/plugins/wp-slimstat/)
 * In the case of the main issue, we’ve fixed the security issues and are waiting for
   confirmation from WordPress.org to restore the plugin.
 * Best
 *  [S o f t f u l l y](https://wordpress.org/support/users/softfully/)
 * (@softfully)
 * [3 years ago](https://wordpress.org/support/topic/authenticated-subscriber-sql-injection-via-shortcode/#post-16734945)
 * WordPress Slimstat Analytics plugin <= 5.0.4 – SQL Injection (SQLi) vulnerability
 * WordPress Slimstat Analytics plugin <= 5.0.4 – Reflected Cross-Site Scripting
   (XSS) vulnerability

The topic ‘Authenticated (Subscriber+) SQL Injection via Shortcode’ is closed to
new replies.
