
Sucuri alerts that WordPress analytics plugin is vulnerable to hackers

Sucuri offers a website security service that gives site owners an early warning system for malware, spam, failed login attempts and more. Web-based monitoring and web-based malware detection are among its offerings. Sucuri recently found a security risk in the WordPress plugin WP-Slimstat, version 3.9.5 and lower, which can leave a website vulnerable to hackers. One internet resource recently calculated that about 1.3 million sites are vulnerable.

WP Slimstat

Sucuri is alerting users of the WordPress plugin WP-Slimstat, which website owners use for analytics such as logs, latency, real-time activity, email reports and more, to update as soon as possible. Sucuri discovered a security bug in WP-Slimstat that lets an attacker break the plugin's secret key and then perform SQL injection on the target website. After a successful attack, the attacker can obtain sensitive information including usernames, passwords and certain configuration settings, and can also gain the ability to take over the site.

The secret key used by WP-Slimstat is generated from the timestamp of the plugin's installation, in hashed form. By looking into the Internet Archive, an attacker can get the information needed, and the missing piece can be obtained by brute force, repeating guesses until the same secret key is generated. Blind SQL injection is then the next step in attacking the site.
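The weak key pattern described above, next to a hardened alternative and a check a site owner can run against their own stored secret. This is an added example, not WP-Slimstat's code: the function names are hypothetical, MD5 is an assumption (the article only says the timestamp is hashed), and the timestamps are constructed sample values.

```php
<?php
// Added illustration; not WP-Slimstat's source. All function names are hypothetical.

// Weak pattern: the secret is a hash of the install time.
// MD5 is an assumption; the article only says the timestamp is hashed.
function weak_secret(int $installTime): string {
    return md5((string) $installTime);
}

// Hardened form: 256 bits from the OS CSPRNG, unrelated to any guessable value.
function strong_secret(): string {
    return bin2hex(random_bytes(32));
}

// Defender-side audit: given the secret stored on your own site, report whether
// it equals the hash of any second inside a plausible install window.
// Returns the matching timestamp, or null if the secret is not time-derived.
function audit_secret(string $stored, int $from, int $to): ?int {
    for ($t = $from; $t <= $to; $t++) {
        if (hash_equals(weak_secret($t), $stored)) {
            return $t;
        }
    }
    return null;
}

// Constructed sample data: an install time and a 30-day window around it.
$install = 1400000000;
$from = $install - 15 * 86400;
$to   = $install + 15 * 86400;

// One candidate per second in the window: far below the 256 bits of a random key.
$candidates = $to - $from + 1;
printf("candidates in window: %d (about %.1f bits)\n", $candidates, log($candidates, 2));

$hit = audit_secret(weak_secret($install), $from, $to);
echo "time-derived secret: ", $hit === null ? "not matched" : "matched at $hit, rotate it", "\n";

$hit = audit_secret(strong_secret(), $from, $to);
echo "random secret: ", $hit === null ? "not matched" : "matched at $hit", "\n";
```

A match means the stored secret carries no more entropy than the install date and should be replaced with a randomly generated one after updating the plugin.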

It is therefore highly recommended to update the plugin as soon as possible. For users who do not update, Sucuri also recommends looking into a WAF (website firewall) product.