All Products
Document Center

[Vulnerability notice] Sensitive information leakage vulnerability in the WordPress WP-Slimstat plug-in

Last Updated: Nov 23, 2017


The Wordpress plug-in WP-Slimstat uses a simple key to mark visitors to the website.

Once the key is decrypted, attackers can attack the target website through web SQL injection (blind) to get sensitive database information, including usernames, passwords (hash), and critical WordPress security keys.

Affected versions

WP-Slimstat <= 3.9.6


Go to the Wordpress management backend and update the WP-Slimstat plug-in to the latest version.