New Vulnerability Affects WordPress Plugin WP Statistics

Monday, July 3, 2017 - 15:45

A newly discovered vulnerability in a popular WordPress plugin could allow an attacker to take control of an affected website. WordPress is open-source content management software that is used to manage and publish websites. A SQL Injection vulnerability exists in the WP Statistics plugin, which WordPress site administrators can use to view information about the number of visitors to their website and other web page statistics. 

This vulnerability is patched in WP Statistics 12.0.8, the latest version of the WP Statistics plugin. If you administer a WordPress site and use an older version of the WP Statistics plugin, Computing Services and Systems Development recommends that you upgrade to the latest version of WP Statistics as soon as possible.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.