VeronaLabs 厂商漏洞列表 / CVE 中文分析 34

VeronaLabs 厂商相关 34 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

VeronaLabs 主要提供企业级安全解决方案及开源工具，旨在强化数字资产防护。其相关产品历史上曾暴露出远程代码执行、跨站脚本及越权访问等常见漏洞，累计收录 CVE 达 34 条。值得关注的是，该厂商在漏洞响应机制上表现积极，多数高危问题在披露后迅速获得补丁修复。这些历史安全事件反映了其软件架构在复杂场景下的潜在风险，提示用户需保持版本更新以规避已知威胁。

上位製品 VeronaLabs: SlimStat Analytics WP SMS WP Statistics – Simple, privacy-friendly Google Analytics alternative WP Statistics WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce

CVEs 34

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-5231	WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-79	7.2	High	2026-04-17
CVE-2026-3488	WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-862	6.5	Medium	2026-04-17
CVE-2026-1238	SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' — SlimStat AnalyticsCWE-79	7.2	High	2026-03-19
CVE-2026-28136	WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability — WP SMSCWE-89	7.6	High	2026-02-26
CVE-2025-69323	WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability — Slimstat AnalyticsCWE-79	7.1	High	2026-02-20
CVE-2026-25343	WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79	5.9	Medium	2026-02-19
CVE-2025-13431	SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter — SlimStat AnalyticsCWE-89	6.5	Medium	2026-02-11
CVE-2025-15055	SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters — SlimStat AnalyticsCWE-79	7.2	High	2026-01-09
CVE-2025-15057	SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter — SlimStat AnalyticsCWE-79	7.2	High	2026-01-09
CVE-2025-14151	SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79	7.2	High	2025-12-19
CVE-2025-62006	WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability — WP SMSCWE-862	5.4	Medium	2025-10-22
CVE-2025-9816	WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-79	7.2	High	2025-09-27
CVE-2025-55716	WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability — WP StatisticsCWE-862	4.3	Medium	2025-08-14
CVE-2025-3953	WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-862	5.4	Medium	2025-04-30
CVE-2023-33994	WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability — Slimstat AnalyticsCWE-862	6.5	Medium	2024-12-13
CVE-2024-9548	Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79	7.2	High	2024-10-14
CVE-2024-43331	WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability — WP SMSCWE-862	5.3	Medium	2024-08-22
CVE-2024-34811	WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79	5.9	Medium	2024-05-13
CVE-2024-30454	WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability — WP SMSCWE-352	4.3	Medium	2024-03-29
CVE-2024-25920	WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79	6.5	Medium	2024-03-27
CVE-2024-2194	WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-79	7.2	High	2024-03-13
CVE-2024-24881	WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) — WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etcCWE-79	7.1	High	2024-02-08
CVE-2024-1073	SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79	6.4	Medium	2024-02-02
CVE-2023-6980	WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion — WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerceCWE-352	4.3	Medium	2024-01-03
CVE-2023-6981	WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting — WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerceCWE-89	6.1	Medium	2024-01-03
CVE-2023-27447	WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure — WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etcCWE-200	5.3	Medium	2023-12-28
CVE-2023-4598	Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode — SlimStat AnalyticsCWE-89	8.8	High	2023-10-20
CVE-2023-32742	WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS) — WP SMSCWE-79	7.1	High	2023-08-30
CVE-2023-4597	Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — SlimStat AnalyticsCWE-79	6.4	Medium	2023-08-30
CVE-2022-38074	WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection — WP StatisticsCWE-89	9.9	High	2023-03-13

本页汇总了 VeronaLabs 厂商截至目前公开的全部 34 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

VeronaLabs 厂商漏洞列表 / CVE 中文分析 34

目標達成すべての支援者に感謝 — 100%達成しました！