Flaw in popular Web analytics plug-in exposes WordPress sites to hacking

WordPress site owners using the WP-Slimstat plug-in installed should upgrade it to the latest version immediately in order to fix a critical vulnerability, security researchers warn.

WP-Slimstat, a Web analytics plug-in for WordPress, has been downloaded over 1.3 million times and is highly rated by users. The plug-in allows site owners to track returning visitors and registered users, monitor JavaScript events, detect intrusions, analyze email campaigns and more.

Researchers from Web security firm Sucuri found a vulnerability that stems from weak cryptographic key generation in WP-Slimstat versions 3.9.5 and lower. If attackers can determine the secret key used by the plug-in, they can launch blind SQL injection attacks that enable them to read sensitive information from the site’s database.

To read this article in full or to leave a comment, please click here