The well-known security company Sucuri recently wrote on its blog about a new vulnerability found during an audit.
This vulnerability allows hackers to inject code into WordPress content through the plugin's shortcodes.
For now, the solution is to update the plugin and to check later whether the vulnerability still persists.
Sucuri encourages users to update without delay if they are using a vulnerable version of WP Statistics.
WP Statistics is one of the most used plugins for stats. It is a comprehensive plugin that tracks statistics without depending on external services. The plugin includes GeoLite2 data created by MaxMind.
“The problem is no different than with other application companies and is very often related to trading off security in order to release in time and be first to market. I believe that with WordPress the problem is more acute because we are talking about hundreds if not thousands of ‘small’ applications that are not properly vetted before made available,” Amit Ashbel, cyber-security evangelist at Checkmarx, told SC Media UK.