CVE-2026-27410
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated deserialization of untrusted data in Slimstat Analytics versions before 5.4.0.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products

| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | slimstat_analytics_plugin | to 5.4.0 (exc) |
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Executive Summary

CVE-2026-27410 is a vulnerability in the WordPress Slimstat Analytics Plugin versions below 5.4.0 involving unauthenticated deserialization of untrusted data.

This means that an attacker can send specially crafted data to the plugin which is then deserialized without proper validation, allowing the attacker to manipulate the plugin's behavior.

The vulnerability is classified as medium severity with a CVSS score of 6.5 and falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

Exploitation of this vulnerability can allow attackers to execute arbitrary code on the affected system, cause denial of service, or gain unauthorized access to the admin panel of the WordPress site.

Because the vulnerability requires no authentication to exploit, it can be targeted in mass campaigns affecting many websites.

This can lead to compromised website integrity, data breaches, and service disruptions.

Detection Guidance

The vulnerability affects WordPress Slimstat Analytics Plugin versions below 5.4.0 and involves unauthenticated deserialization of untrusted data.

Detection can focus on identifying the plugin version installed on your WordPress site to confirm if it is below 5.4.0.

Additionally, monitoring for unusual or suspicious HTTP requests targeting the Slimstat Analytics plugin endpoints may help detect exploitation attempts.

Specific commands to check the plugin version on your server include:

  • Using WP-CLI: `wp plugin list | grep slimstat-analytics` to see the installed version.
  • Checking the version recorded in the plugin directory: `grep "Stable tag" wp-content/plugins/slimstat-analytics/readme.txt` or `grep Version wp-content/plugins/slimstat-analytics/slimstat-analytics.php`.
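The version check above can be scripted. This is an added example, not code from BaseFortify, Patchstack or the plugin: it reads the `Version:` header or `Stable tag:` line from a file you pass in and compares it with the fixed release 5.4.0. The function names are hypothetical, the file path is whatever your install uses, and pre-release suffixes are ignored in the comparison.

```shell
#!/bin/sh
# Added example: classify a Slimstat Analytics install against the fixed release.
FIXED_VERSION="5.4.0"   # first patched version, per the advisory text

# Print the version found in a plugin main file (" * Version: x.y.z")
# or in readme.txt ("Stable tag: x.y.z"). Prints nothing if none is found.
plugin_version() {
    sed -n -E 's/^[[:space:]*]*(Version|Stable tag):[[:space:]]*([0-9][0-9A-Za-z.-]*).*$/\2/p' "$1" | head -n 1
}

# Succeed (exit 0) when $1 is strictly lower than $2.
# Dot-separated fields are compared numerically, so 5.3.10 < 5.4.0 and 5.10.0 > 5.4.0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0   # missing or non-numeric field counts as 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                             # equal versions are not "lower"
    }'
}

# Print "VULNERABLE <ver>", "PATCHED <ver>" or "UNKNOWN" for the given file.
slimstat_status() {
    v=$(plugin_version "$1" 2>/dev/null)
    if [ -z "$v" ]; then
        echo "UNKNOWN"                     # file missing or no version line
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE $v"
    else
        echo "PATCHED $v"
    fi
}

# Report on every file given on the command line, e.g. the plugin's
# main PHP file or readme.txt from each site root on a shared host.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(slimstat_status "$f")"
done
```

An `UNKNOWN` result means the version could not be read, not that the site is safe; confirm those installs by hand.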

Network monitoring tools or web application firewalls (WAF) with rules targeting this vulnerability can also help detect exploitation attempts.

Mitigation Strategies

The primary and immediate mitigation step is to update the Slimstat Analytics Plugin to version 5.4.0 or later, where the vulnerability is patched.

Until the update can be applied, users are advised to implement mitigation rules provided by Patchstack to block attacks targeting this vulnerability.

Seeking assistance from hosting providers or developers to apply these mitigations and updates promptly is also recommended.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
