SQL Injection Vulnerability Found in WordPress Statistics Plugin | AWESEM

The online security experts at Sucuri have identified another SQL injection vulnerability in a popular WordPress plugin, while auditing numerous open source plugins to search for potential security issues.

The plugin in question is WP Statistics, which has over 300,000 active installs and is billed as ‘a comprehensive plugin for your WordPress visitor statistics’. The vulnerability is an SQL injection, and it puts at risk any users who are currently running a vulnerable version of the plugin and allow user registration on their site. Sucuri go into further detail on their blog:

‘This vulnerability is caused by the lack of sanitization in user provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation.’

Anyone who wants to continue using WP Statistics is urged to update immediately, whereas those who no longer require the plugin should deactivate and uninstall it via their Dashboard as soon as possible.
