Over a million Wordpress sites at risk thanks to this plugin

A famous WordPress gallery plugin which has more than a million installations has recently patched a serious vulnerability which allows the exploitation of the website’s database.

Plugins are the backbone of the Wordpress and they are what makes it so elegant, but it can also be a pain since most of the plugins have some sort of vulnerability since the programmers have not given much thought for security.

Researchers from security firm Sucuri informed that more than a million Wordpress sites are exposed to serious risk due to a flaw in the WP-Slimstat plugin.

In a blog, Sucuri said that “During a routine audit for our Web application firewall[ WAF], we found a security bug which an attacker could, by breaking plugin’s weak “secret” key, use to perform an SQL Injection attack against target website.”

The blog also explains that a successful exploit could allow the attacker to access or download sensitive information from the website like encrypted passwords, Wordpress secret keys, etc.

All this info can be used by an attacker to hijack an entire Wordpress site.

Sucuri ends up by stressing, “This is a very dangerous vulnerability, you should update all of your websites which use this plugin as soon as possible.”

Sucuri has estimated that there are over a million Wordpress sites possibly at risk due to WP-Slimstat. This is a large number but the grand scheme of things isn’t so bad.

On the Internet, there are nearly 75 million live Wordpress sites. Almost half of the top 100 tech blogs run on Wordpress. Famous and iconic destinations like The New York Times, CNN use Wordpress.

One of the primary benefits of the Wordpress platform is that there is almost guaranteed to be a plugin to do just about anything you can imagine doing on a website. There are almost 30,000 Wordpress plugins that have been downloaded a combined total of more than 286 million times.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients