A critical flaw in the WP Statistics plugin, used by more than 300,000 WordPress sites, can be exploited by attackers who are after the site's database, researchers showed. Site administrators running an outdated version of the plugin are at risk.
While examining the WordPress plugin WP Statistics as part of a vulnerability assessment for their firewall offering, Sucuri researchers discovered an SQL injection flaw.
“This vulnerability is caused by the lack of sanitization in user provided data,” the researchers warned. “An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation.”