This is an update to my recent post Wordpress.com Stats Plugin Upgrade.
Andy Skelton, one of the plugin developer’s talks about it in his blog:
Anyone hosting their own blog and running the WordPress.com Stats plugin should update the plugin to version 1.1.1 immediately or apply the patch below. A critical SQL injection vulnerability was found and fixed. The bug could allow an attacker to steal administrative credentials. (WordPress.com bloggers are not affected.)
Most users will want to download the latest version and simply copy the new files directly over the old ones. Subversion users may do `svn up`. Advanced users may apply the patch manually.
Download the latest version of Wordpress.com Stats plugin.
July 28th, 2007 at 9:25 pm
@trench - Those that are at risk are the ones using the Wordpress.com Stats plugin. You’re okay.
July 28th, 2007 at 10:55 am
so does this include me? Is this stats plugin come standard or only if we use it? Im using firestats…