WordPress WP Statistics

Researchers at Sucuri have identified an SQL injection vulnerability in WordPress WP Statistics plugin versions released prior to 12.0.8. Successful exploitation could allow a threat actor to leak sensitive data and possibly compromise the WordPress installation. The WP Statistics plugin is installed on over 300,000 websites. The NJCCIC recommends all users and administrators review the Sucuri blog and update to the latest versions of the WP Statistics plugin and WordPress.