As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues.

While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites.

Are You at Risk?

This vulnerability is caused by the lack of sanitization in user provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation.

Continue reading SQL Injection Vulnerability in WP Statistics at Sucuri Blog.

Via Sucuri.net