Authenticated (Subscriber+) SQL Injection via Shortcode

Authenticated (Subscriber+) SQL Injection via Shortcode vulnerability is reported to be still existing in the current version:

https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-4-9-3-3-authenticated-subscriber-sql-injection-via-shortcode-vulnerability?_a_id=110

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-slimstat/slimstat-analytics-4932-authenticated-contributor-stored-cross-site-scripting-via-shortcode

It is said to be fixed with update to 4.9.4 but as the plugin is currently/temporary removed from www.remarpro.com I dont see any option to update in the moment.

Is version 4.9.4 available anywhere else? And if not, any idea when the plugin will be re-established on www.remarpro.com to get (automatic) updates to work again?

Cheers from Germany!

Armin

• This topic was modified 1 year, 11 months ago by armreu.