I usually don’t mention Wordpress vulnerabilities here, but since I use Wordpress and the vulnerable plugin I figured I’d mention it (now that I’m patched).
The Wordpress Stats plugin by Automattic (Andy Skelton ) had a critical SQL injection vulnerability that could allow admin credentials to be stolen. The vulnerability was patched in version 1.1.1 and was released July 27th.
I typically turn off (deactivate) plugins before updating them and in this case I had to re-enter the API key when activating the updated plugin.
Wordpress Stats Plugin Vulnerability Plugged
The Wordpress Stats plugin by Automattic (Andy Skelton ) had a critical SQL injection vulnerability that could allow admin credentials to be stolen. The vulnerability was patched in version 1.1.1 and was released July 27th.
I typically turn off (deactivate) plugins before updating them and in this case I had to re-enter the API key when activating the updated plugin.
Related Posts: