Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

veronalabs — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting veronalabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VeronaLabs operates as a provider of specialized software solutions, though specific product details remain obscure in public records. An analysis of its security posture reveals a concerning history, with thirty-four Common Vulnerabilities and Exposures (CVEs) currently documented. These vulnerabilities predominantly span critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation flaws. The high frequency of RCE issues suggests systemic weaknesses in input validation and sandboxing mechanisms within their architecture. While no single catastrophic data breach has been widely publicized, the cumulative impact of these thirty-four entries indicates a persistent struggle with fundamental secure coding practices. This pattern of recurring, high-severity flaws implies that the organization may lack robust automated security testing or rigorous code review processes. Consequently, users and administrators face significant risks when deploying VeronaLabs products, necessitating strict network segmentation and continuous monitoring to mitigate potential exploitation vectors.

Found 11 results / 34Clear Filters
Top products by veronalabs: SlimStat Analytics WP SMS WP Statistics – Simple, privacy-friendly Google Analytics alternative WP Statistics WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2026-1238 SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' — SlimStat AnalyticsCWE-79 7.2 High2026-03-19
CVE-2025-69323 WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability — Slimstat AnalyticsCWE-79 7.1 High2026-02-20
CVE-2025-13431 SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter — SlimStat AnalyticsCWE-89 6.5 Medium2026-02-11
CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters — SlimStat AnalyticsCWE-79 7.2 High2026-01-09
CVE-2025-15057 SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter — SlimStat AnalyticsCWE-79 7.2 High2026-01-09
CVE-2025-14151 SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79 7.2 High2025-12-19
CVE-2023-33994 WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability — Slimstat AnalyticsCWE-862 6.5 Medium2024-12-13
CVE-2024-9548 Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79 7.2 High2024-10-14
CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — SlimStat AnalyticsCWE-79 6.4 Medium2024-02-02
CVE-2023-4598 Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode — SlimStat AnalyticsCWE-89 8.8 High2023-10-20
CVE-2023-4597 Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — SlimStat AnalyticsCWE-79 6.4 Medium2023-08-30

This page lists every published CVE security advisory associated with veronalabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.