WordPress Plugin WP Statistics threatened by SQL Injection Flaw
July 2, 2017
Shah Sheikh (1294 articles)
Share

WordPress Plugin WP Statistics threatened by SQL Injection Flaw

Security experts at Sucuri have discovered a SQL Injection vulnerability in WP Statistics, one of the most popular WordPress plugins, that is currently being used in over 300,000 websites.

The plugin enables site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics.

The SQL Injection vulnerability in WP Statistics could be exploited by attackers, with at least a subscriber account, to access the content of the database and potentially take over the vulnerable websites remotely.

Sucrai reports that

“This vulnerability is caused by the lack of sanitization in user provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation. If you have a vulnerable version installed and your site allows user registration, you are definitely at risk”

According to Sucuri, the SQL injection vulnerability in WP Statistics plugin affects multiple functions, including wp_statistics_searchengine_query().

WordPress provides an API that allows developers to create content that users can place directly in their pages by using a simple shortcode:

[shortcode atts_1=”test” atts_2=”test”]

The WP Statistics plugin allows admin users to get detailed information related to the number of visits by just calling the shortcode below:

wpstatistics-shortcode

The function does not check for additional privileges, which allows website subscribers to execute this shortcode and inject malicious code to its attributes.

The researchers at Sucuri privately reported the vulnerability to the WP Statistics team that promptly fixed it with version 12.0.8.

Source | securityaffairs