WP-Statistics WordPress Plugin is comprehensive plugin for your WordPress visitor statistics. Recently a vulnerability has been found in all versions 8.3 and lower.
Quote Sucuri:
“An attacker can use Stored Cross Site Scripting (XSS) and Reflected XSS attack vectors to force a victim’s browser to perform administrative actions on its behalf. Leveraging this vulnerability, one could create new administrator account[s], insert SEO spam in legitimate blog posts, and a number of other actions within the WordPress’s admin panel.”
If you are using version 8.3 or lower, please upgrade immediately to version 8.3.1 or higher. For further details on the issue, please visit this page.
As always, keeping your WordPress and Plugins updated is vital. So is having a complete backup of your site. For worry free backup service which starts at $1.50/mo, Doteasy Auto Site Backup is a great deal for a great service.
