Description
The Wordpress plug-in WP-Slimstat uses a simple key to mark visitors to the website.
Once the key is decrypted, attackers can attack the target website through web SQL injection (blind) to get sensitive database information, including usernames, passwords (hash), and critical WordPress security keys.
Affected versions
WP-Slimstat <= 3.9.6
Fix
Go to the Wordpress management backend and update the WP-Slimstat plug-in to the latest version.