EPSS
Percentile
36.1%
This vulnerability allows a visitor to inject arbitrary JavasScript code on the plugin access log functionality, which is visible both on the plugin’s access log page and on the admin dashboard index—‚ the default page shown once you log in.
blog.sucuri.net/2019/05/slimstat-stored-xss-from-visitors.html
plugins.trac.wordpress.org/changeset/2091635/wp-slimstat