Wordpress is one of the most popular Web publishing platforms. The vast catalog of plugins is part of what makes Wordpress so powerful, but it can also be the Achilles heel. According to security researchers at Sucuri there are a million-plus Wordpress sites exposed to serious risk, thanks to a flaw in the WP-Slimstat plugin.
WP-Slimstat vulnerable
The Sucuri blog post explains, “During a routine audit for our WAF [Web application firewall], we discovered a security bug that an attacker could, by breaking the plugin’s weak “secret” key, use to perform a SQL Injection attack against the target website.”
To read this article in full or to leave a comment, please click here