According to Sucuri, a well-known security company, a security bug in the WP-Slimstat plugin for WordPress could endanger over a million sites.
With more than 75 million users, WordPress is the most popular online publishing platform. Many important sites use WordPress because of the flexibility that its support for extensions provides. The huge developer community and the wide range of plugins are much of the platform's appeal. Unfortunately, WordPress plugins are rarely as safe as they are useful.
It was recently discovered that WP-Slimstat 3.9.6, a very popular web analytics plugin for WordPress, has a very dangerous vulnerability. The situation is serious: an attacker who successfully exploits the WP-Slimstat vulnerability can steal private information from a site, such as encrypted passwords or WordPress secret keys.
“This is a dangerous vulnerability, you should update all of your websites using this plugin as soon as possible.”
Update WordPress As Soon As Possible
The good news is that the vulnerability has been fixed by the WordPress team, but that does not mean the update will reach all users. In most cases the update process is a manual one.
The discovery was made by the security experts at Sucuri. They claimed that more than one million sites are vulnerable because of the poor security of the WP-Slimstat plugin.
“During a routine audit for our WAF, we discovered a security bug that an attacker could, by breaking the plugin’s weak “secret” key, use to perform a SQL Injection attack against the target website.”