Over 1 million WordPress websites at risk from SQL injection

10 years ago
February 25, 2015
1 reply
501 views

+54

Jasper_The_Rasper
Moderator

Summary: A critical security flaw in a plugin called WP-Slimstat is to blame.
By Charlie Osborne for Zero Day | February 25, 2015

Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin.

On Tuesday, a security advisory posted by researcher Marc-Alexandre Montpas from security firm Sucuri said the "very high risk" vulnerability found in versions of WP-Slimstat 3.9.5 and lower could lead to cyberattackers being able to break the plugin's "secret" key, perform an SQL injection and take over a target website.

The security bug is found in all versions of the analytics plugin except the latest 3.6 version.

Full Article

+54

Jasper_The_Rasper
Moderator
10 years ago
February 25, 2015

By Ionut Ilascu 25 Feb 2015

New release is currently available

A new version of WP-Slimstat has been released (3.9.6) to eliminate the vulnerability. It tightens SQL queries and makes the encryption key more difficult to guess.

Users are advised to switch to the new build and have been given instructions on how to make sure that the tracking code relies on the latest improvements.

Full Article

New release is currently available

Reply

Related Topics

How to modify date formaticon

Date format is not according to signer's timezoneicon

Let users change the format of Date Signed

Change date format in templateicon

Changing date format of signed documenticon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded