This is an update to my recent post about the Stats Plugin Upgrade.

Andy Skelton, one of the plugin developer’s talks about it in his blog:

Anyone hosting their own blog and running the Stats plugin should update the plugin to version 1.1.1 immediately or apply the patch below. A critical SQL injection vulnerability was found and fixed. The bug could allow an attacker to steal administrative credentials. ( bloggers are not affected.)

Most users will want to download the latest version and simply copy the new files directly over the old ones. Subversion users may do `svn up`. Advanced users may apply the patch manually.

Kudos to Andy Skelton and Alex Concha who discovered and reported the bug as well as providing a fix for it.

Download the latest version of Stats plugin.

Anyone else using the Stats Plugin on their blog or website? If you haven’t upgraded yet, make sure that you take the time to do it ASAP to avoid risking having your blog/website getting compromised. Better safe than sorry folks. Also, make sure that you backup your WordPress database as well as deactivate the Stats plugin before performing the upgrade.

Please share your thoughts by leaving a comment below.

JaypeeOnline is supported by its audience. When you click on the advertisements or purchase through links on our site, we may earn an affiliate commission. Learn more



Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.


  • JP Habaradas, July 28, 2007 @ 9:25 PM Reply

    @trench – Those that are at risk are the ones using the Stats plugin. You’re okay. ;)

  • trench, July 28, 2007 @ 10:55 AM Reply

    so does this include me? Is this stats plugin come standard or only if we use it? Im using firestats…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.