
VeronaLabs — Vulnerabilities & Security Advisories (34)

Browse all 34 CVE security advisories affecting VeronaLabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VeronaLabs operates as a provider of specialized software solutions, though specific product details remain obscure in public records. An analysis of its security posture reveals a concerning history, with thirty-four Common Vulnerabilities and Exposures (CVEs) currently documented. These vulnerabilities predominantly span critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation flaws. The high frequency of RCE issues suggests systemic weaknesses in input validation and sandboxing mechanisms within their architecture. While no single catastrophic data breach has been widely publicized, the cumulative impact of these thirty-four entries indicates a persistent struggle with fundamental secure coding practices. This pattern of recurring, high-severity flaws implies that the organization may lack robust automated security testing or rigorous code review processes. Consequently, users and administrators face significant risks when deploying VeronaLabs products, necessitating strict network segmentation and continuous monitoring to mitigate potential exploitation vectors.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5231 | WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter | WP Statistics – Simple, privacy-friendly Google Analytics alternative | CWE-79 | 7.2 | High | 2026-04-17 |
| CVE-2026-3488 | WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation | WP Statistics – Simple, privacy-friendly Google Analytics alternative | CWE-862 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-1238 | SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' | SlimStat Analytics | CWE-79 | 7.2 | High | 2026-03-19 |
| CVE-2026-28136 | WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability | WP SMS | CWE-89 | 7.6 | High | 2026-02-26 |
| CVE-2025-69323 | WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | Slimstat Analytics | CWE-79 | 7.1 | High | 2026-02-20 |
| CVE-2026-25343 | WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability | WP SMS | CWE-79 | 5.9 | Medium | 2026-02-19 |
| CVE-2025-13431 | SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter | SlimStat Analytics | CWE-89 | 6.5 | Medium | 2026-02-11 |
| CVE-2025-15055 | SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters | SlimStat Analytics | CWE-79 | 7.2 | High | 2026-01-09 |
| CVE-2025-15057 | SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter | SlimStat Analytics | CWE-79 | 7.2 | High | 2026-01-09 |
| CVE-2025-14151 | SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting | SlimStat Analytics | CWE-79 | 7.2 | High | 2025-12-19 |
| CVE-2025-62006 | WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability | WP SMS | CWE-862 | 5.4 | Medium | 2025-10-22 |
| CVE-2025-9816 | WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header | WP Statistics – Simple, privacy-friendly Google Analytics alternative | CWE-79 | 7.2 | High | 2025-09-27 |
| CVE-2025-55716 | WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability | WP Statistics | CWE-862 | 4.3 | Medium | 2025-08-14 |
| CVE-2025-3953 | WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update | WP Statistics – Simple, privacy-friendly Google Analytics alternative | CWE-862 | 5.4 | Medium | 2025-04-30 |
| CVE-2023-33994 | WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability | Slimstat Analytics | CWE-862 | 6.5 | Medium | 2024-12-13 |
| CVE-2024-9548 | Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting | SlimStat Analytics | CWE-79 | 7.2 | High | 2024-10-14 |
| CVE-2024-43331 | WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability | WP SMS | CWE-862 | 5.3 | Medium | 2024-08-22 |
| CVE-2024-34811 | WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability | WP SMS | CWE-79 | 5.9 | Medium | 2024-05-13 |
| CVE-2024-30454 | WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability | WP SMS | CWE-352 | 4.3 | Medium | 2024-03-29 |
| CVE-2024-25920 | WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability | WP SMS | CWE-79 | 6.5 | Medium | 2024-03-27 |
| CVE-2024-2194 | WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting | WP Statistics – Simple, privacy-friendly Google Analytics alternative | CWE-79 | 7.2 | High | 2024-03-13 |
| CVE-2024-24881 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | CWE-79 | 7.1 | High | 2024-02-08 |
| CVE-2024-1073 | SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | SlimStat Analytics | CWE-79 | 6.4 | Medium | 2024-02-02 |
| CVE-2023-6980 | WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | CWE-352 | 4.3 | Medium | 2024-01-03 |
| CVE-2023-6981 | WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | CWE-89 | 6.1 | Medium | 2024-01-03 |
| CVE-2023-27447 | WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | CWE-200 | 5.3 | Medium | 2023-12-28 |
| CVE-2023-4598 | Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode | SlimStat Analytics | CWE-89 | 8.8 | High | 2023-10-20 |
| CVE-2023-32742 | WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS) | WP SMS | CWE-79 | 7.1 | High | 2023-08-30 |
| CVE-2023-4597 | Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | SlimStat Analytics | CWE-79 | 6.4 | Medium | 2023-08-30 |
| CVE-2022-38074 | WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection | WP Statistics | CWE-89 | 9.9 | High | 2023-03-13 |

This page lists every published CVE security advisory associated with VeronaLabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.