There is a new alert out about WP-Slimstat, a web analytics plugin for WordPress.
A vulnerability affecting the WordPress WP-Slimstat plugin could be exploited through SQL injection attacks to steal data from vulnerable sites. The flaw affects Slimstat versions 3.9.5 and earlier. Users are urged to upgrade to version 3.9.6.
All WP-Slimstat versions prior to the latest release, Slimstat 3.9.6, contain an easily guessable ‘secret’ key that is used to sign data sent to and from visiting end-user computers, Web security firm Sucuri explained in a blog post.
WP-Slimstat has been downloaded over 1.3 million times and is highly rated by users. The plugin allows site owners to track returning visitors and registered users, monitor JavaScript events, detect intrusions, analyze email campaigns and more.
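
As an added illustration (not code from the plugin or from Sucuri's post), the Python sketch below shows two server-side defences against the weakness described above: a signing key drawn from a CSPRNG rather than a guessable value, and a parameterised query so that signed client data is still handled as data. The function names, the `visits` table and the sample payloads are constructed for this example.

```python
import hashlib, hmac, json, secrets, sqlite3

def new_signing_key() -> bytes:
    # 256 bits from the OS CSPRNG; not derived from a time, site name or other guessable value.
    return secrets.token_bytes(32)

def _tag(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def sign(key: bytes, payload: dict) -> str:
    # Canonical JSON body followed by its HMAC-SHA256 tag.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return f"{body}.{_tag(key, body)}"

def verify(key: bytes, token: str):
    """Return the payload dict if the tag is valid, else None."""
    body, sep, tag = token.rpartition(".")
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not sep or not hmac.compare_digest(_tag(key, body).encode(), tag.encode()):
        return None
    data = json.loads(body)
    return data if isinstance(data, dict) else None

def record_visit(db, key: bytes, token: str) -> bool:
    data = verify(key, token)
    if data is None or not isinstance(data.get("resource"), str):
        return False
    # Bound parameter: the value is never spliced into the SQL text, so a
    # valid signature alone cannot change the shape of the query.
    db.execute("INSERT INTO visits (resource) VALUES (?)", (data["resource"],))
    return True

def demo():
    key = new_signing_key()
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (resource TEXT)")
    good = sign(key, {"resource": "/blog/post-1"})      # constructed sample
    tampered = good.replace("post-1", "post-2")         # body changed, old tag kept
    quoted = sign(key, {"resource": "/page' OR '1'='1"})  # signed value with SQL metacharacters
    results = [record_visit(db, key, t) for t in (good, tampered, quoted)]
    rows = [r[0] for r in db.execute("SELECT resource FROM visits ORDER BY rowid")]
    return results, rows

if __name__ == "__main__":
    print(demo())
```

The third sample models the worst case, where the signature check passes on hostile input: the value is stored as a literal string and the query itself is unchanged.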