Critical WordPress Analytics Plugin Vulnerability Leaves 1.3 Million Websites at Risk of Being Compromised by Attackers
The vulnerability affects most versions of the WordPress analytics plugin WP-Slimstat (WordPress Slimstat). Of the more than 70 million websites on the Internet running WordPress, over 1.3 million use WP-Slimstat, making it one of the more popular plugins in the WordPress ecosystem.
According to a blog post published on Tuesday by the web security firm Sucuri, versions prior to Slimstat 3.9.6 use an easily guessable key to sign the data exchanged between the server and the client. The result is a SQL injection vector that can be used to extract highly sensitive data, including password hashes and the WordPress secret keys, which an attacker can use to forge authentication cookies and take over the site remotely.
Once the so-called "secret" key has been recovered, an attacker can sign arbitrary values and perform a SQL injection against the target website to pull sensitive information, including the password hashes, out of the victim's database.
"If your website uses a vulnerable version of the plugin, you're at risk," said Marc-Alexandre Montpas, a senior vulnerability researcher at Sucuri.
He went on to say: "Successful exploitation of this bug could lead to Blind SQL Injection attacks, which means an attacker could grab sensitive information from your database, including username, (hashed) passwords and, in certain configurations, WordPress Secret Keys (which could result in a total site takeover)."
According to the post, the "secret" key exchanged between server and client can be guessed by examining its value.
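To make the mechanism concrete, the following is an example added to this article; it is not WP-Slimstat's code and not taken from the Sucuri post. It shows a signed client parameter whose signing key is derived from a low-entropy value (here, assumed to be an installation timestamp, purely for illustration), how an attacker who has observed one signed request recovers that key offline and forges an injected value the server then accepts, and the two fixes a practitioner would apply: a key drawn from the OS CSPRNG, and a parameterised query so that even a trusted-looking value cannot change the SQL. The `wp_users` rows, the lookup functions and the timestamp window are constructed for the demonstration.

```python
"""Added illustration of a guessable signing key leading to SQL injection.
Not WP-Slimstat's code; the timestamp-derived key, the sample wp_users rows
and the lookup functions are assumptions made for this example."""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional


# --- Signing ---------------------------------------------------------------

def weak_key(install_ts: int) -> str:
    # ASSUMPTION (for illustration only): the key is derived from a
    # low-entropy value, an install timestamp. Anyone who can bound that
    # timestamp can enumerate every candidate key offline.
    return hashlib.md5(str(install_ts).encode()).hexdigest()


def strong_key() -> str:
    # Hardened: 256 bits from the OS CSPRNG, no feasible search space.
    return os.urandom(32).hex()


def sign(payload: bytes, key: str) -> str:
    return hmac.new(key.encode(), payload, hashlib.sha256).hexdigest()


def verify(payload: bytes, sig: str, key: str) -> bool:
    # Constant-time comparison so the check itself does not leak the key.
    return hmac.compare_digest(sign(payload, key), sig)


# --- Attacker: recover the key from one observed signed request ------------

def recover_key(payload: bytes, sig: str, ts_low: int, ts_high: int) -> Optional[str]:
    """Brute force the install-time window [ts_low, ts_high] offline."""
    for ts in range(ts_low, ts_high + 1):
        candidate = weak_key(ts)
        if hmac.compare_digest(sign(payload, candidate), sig):
            return candidate
    return None


# --- Server side: the signed value ends up in a query ----------------------

def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for wp_users (hashes are placeholders).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (id INTEGER, user_login TEXT, user_pass TEXT)")
    db.executemany("INSERT INTO wp_users VALUES (?, ?, ?)",
                   [(1, "admin", "$P$Bplaceholder1"), (2, "editor", "$P$Bplaceholder2")])
    return db


def lookup_vulnerable(db: sqlite3.Connection, payload: bytes, sig: str, key: str) -> List[str]:
    """Trusts the signature, then interpolates the value straight into SQL."""
    if not verify(payload, sig, key):
        raise PermissionError("bad signature")
    sql = "SELECT user_login FROM wp_users WHERE id = %s" % payload.decode()
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db: sqlite3.Connection, payload: bytes, sig: str, key: str) -> List[str]:
    """Same check, but the value is validated and bound as a parameter."""
    if not verify(payload, sig, key):
        raise PermissionError("bad signature")
    if not payload.isdigit():
        raise ValueError("id must be numeric")
    rows = db.execute("SELECT user_login FROM wp_users WHERE id = ?", (int(payload),))
    return [row[0] for row in rows]


def demo() -> List[str]:
    install_ts = 1_424_000_000          # constructed: mid-February 2015
    key = weak_key(install_ts)
    db = make_db()

    # A legitimate client request looks up user id 2.
    payload = b"2"
    sig = sign(payload, key)
    assert lookup_vulnerable(db, payload, sig, key) == ["editor"]

    # The attacker sees (payload, sig) on the wire, guesses the site was set
    # up within +/- 12 hours of some known time, and recovers the key offline.
    recovered = recover_key(payload, sig, install_ts - 43_200, install_ts + 43_200)
    assert recovered == key

    # With the key, any value can be signed; the server accepts the injection.
    evil = b"1 OR 1=1"
    return lookup_vulnerable(db, evil, sign(evil, recovered), key)


if __name__ == "__main__":
    print("leaked logins:", demo())
```

Two things to take from the example: a signature only proves the sender knew the key, so a key with a few hundred thousand possible values is no better than none; and the signature check is not a substitute for parameterised SQL, which is what actually stops the injected value from changing the query.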
Full details of how the attack works are in the Sucuri blog post referenced above.