WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack


A SQL Injection vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely.

The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics.

Discovered by the Sucuri team, WordPress plugin WP Statistics is vulnerable to a SQL Injection flaw that allows a remote attacker, with at least a subscriber account, to steal sensitive information from the website's database and possibly gain unauthorized access to websites.

SQL Injection is a web application bug that allows hackers to inject malicious Structured Query Language (SQL) code into web inputs in order to determine the structure and location of key databases, which eventually allows stealing of the database.

The SQL injection vulnerability in the WP Statistics plugin resides in multiple functions, including wp_statistics_searchengine_query().

"This vulnerability is caused by the lack of sanitization in user-provided data," researchers said. "Some attributes of the shortcode wpstatistics are being passed as parameters for important functions and this should not be a problem if those parameters were sanitized."

"One of the vulnerable functions wp_statistics_searchengine_query() in the file 'includes/functions/functions.php' is accessible through WordPress' AJAX functionality thanks to the core function wp_ajax_parse_media_shortcode()."

This function does not check for additional privileges, which allows website subscribers to execute this shortcode and inject malicious code to its attributes.
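
The pattern described above, shown as an added example that is not WP Statistics code or its patch: a shortcode callback that builds SQL from its attributes, next to a hardened version. The shortcode name `example_stats`, the attributes `engine` and `days`, and the table `example_search` are hypothetical.

```php
<?php
// Added example; hypothetical plugin code, not taken from WP Statistics.

// BEFORE: shortcode attributes are concatenated into the SQL string.
// Any user able to get the shortcode rendered controls both values.
function example_stats_count_unsafe( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'engine' => 'all', 'days' => '7' ), $atts );
    $sql  = "SELECT COUNT(*) FROM {$wpdb->prefix}example_search
             WHERE engine = '{$atts['engine']}'
               AND visit_date >= DATE_SUB(CURDATE(), INTERVAL {$atts['days']} DAY)";
    return esc_html( (string) (int) $wpdb->get_var( $sql ) );
}

// AFTER: every attribute is treated as untrusted input.
function example_stats_count_safe( $atts ) {
    global $wpdb;
    $atts = shortcode_atts(
        array( 'engine' => 'all', 'days' => '7' ),
        $atts,
        'example_stats'
    );

    // 1. Allowlist the string attribute instead of trying to escape it.
    $allowed = array( 'all', 'google', 'bing', 'duckduckgo' );
    $engine  = sanitize_key( $atts['engine'] );
    if ( ! in_array( $engine, $allowed, true ) ) {
        $engine = 'all';
    }

    // 2. Force the numeric attribute to a bounded non-negative integer.
    $days = min( 365, max( 1, absint( $atts['days'] ) ) );

    // 3. Bind values through placeholders so they are never parsed as SQL.
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->prefix}example_search
         WHERE engine = %s
           AND visit_date >= DATE_SUB(CURDATE(), INTERVAL %d DAY)",
        $engine,
        $days
    );
    return esc_html( (string) (int) $wpdb->get_var( $sql ) );
}

// Register only the hardened callback.
add_shortcode( 'example_stats', 'example_stats_count_safe' );
```

The allowlist and integer cast alone would stop the injection here; `$wpdb->prepare()` stays in place so the query remains safe if a later change adds a free-form attribute.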

The researchers at Sucuri privately disclosed the flaw to the WP Statistics team and the team had patched the vulnerability in its latest version WP Statistics version 12.0.8.

So, if you have a vulnerable version of the plugin installed and your website allows user registration, you are definitely at risk, and you should install the latest version as soon as possible.