WP Statistics Plugin for WordPress < 12.6.7 Blind SQL Injection
High Nessus Plugin ID 126382
Synopsis
The remote web server hosts a PHP script that is affected by a remote SQL injection vulnerability.

Description
The WP Statistics Plugin for WordPress running on the remote web server is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting in the manipulation of arbitrary data.

Solution
Upgrade the WP Statistics Plugin for WordPress to version 12.6.7 or later.