edit-icon download-icon

[Vulnerability notice] Sensitive information leakage vulnerability in the WordPress WP-Slimstat plug-in

Last Updated: Nov 23, 2017

Description

The Wordpress plug-in WP-Slimstat uses a simple key to mark visitors to the website.

Once the key is decrypted, attackers can attack the target website through web SQL injection (blind) to get sensitive database information, including usernames, passwords (hash), and critical WordPress security keys.

Affected versions

WP-Slimstat <= 3.9.6

Fix

Go to the Wordpress management backend and update the WP-Slimstat plug-in to the latest version.

Thank you! We've received your feedback.