WordPress.com Stats Plugin Vulnerability

This is an update to my recent post about the WordPress.com Stats Plugin Upgrade.

Andy Skelton, one of the plugin’s developers, talks about it on his blog:

Anyone hosting their own blog and running the WordPress.com Stats plugin should update the plugin to version 1.1.1 immediately or apply the patch below. A critical SQL injection vulnerability was found and fixed. The bug could allow an attacker to steal administrative credentials. (WordPress.com bloggers are not affected.)

Most users will want to download the latest version and simply copy the new files directly over the old ones. Subversion users may do `svn up`. Advanced users may apply the patch manually.

Kudos to Andy Skelton and Alex Concha, who discovered and reported the bug and provided a fix for it.

Download the latest version of the WordPress.com Stats plugin.

Is anyone else using the WordPress.com Stats plugin on their blog or website? If you haven’t upgraded yet, take the time to do it ASAP so that your blog or website doesn’t get compromised. Better safe than sorry, folks. Also, make sure that you back up your WordPress database and deactivate the WordPress.com Stats plugin before performing the upgrade.

Please share your thoughts by leaving a comment below.
