{"id":416,"date":"2017-07-01T16:53:40","date_gmt":"2017-07-01T11:23:40","guid":{"rendered":"https:\/\/www.hackingtrainer.com\/resources\/?p=416"},"modified":"2017-11-18T14:07:52","modified_gmt":"2017-11-18T08:37:52","slug":"wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack","status":"publish","type":"post","link":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/","title":{"rendered":"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack"},"content":{"rendered":"<div id=\"stcpDiv\">A SQL Injection vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely.<\/div>\n<div id=\"stcpDiv\">\nThe WP Statistics plugin allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics.<\/div>\n<div id=\"stcpDiv\">The WordPress plugin WP Statistics is vulnerable to a SQL Injection flaw that allows a remote attacker, with at least a subscriber account, to steal sensitive information from the website&#8217;s database and possibly gain unauthorized access to websites. The SQL injection vulnerability in the WP Statistics plugin resides in multiple functions, including wp_statistics_searchengine_query().<\/div>\n<div><\/div>\n<div id=\"stcpDiv\">\n&#8220;One of the vulnerable functions wp_statistics_searchengine_query() in the file &#8216;includes\/functions\/functions.php&#8217; is accessible through WordPress&#8217; AJAX functionality thanks to the core function wp_ajax_parse_media_shortcode().&#8221;<\/div>\n<div><\/div>\n<div id=\"stcpDiv\">\nThis function does not check for additional privileges, which allows website subscribers to execute this shortcode and inject malicious code into its attributes.<\/p>\n<div 
id=\"stcpDiv\">So, if you have a vulnerable version of the plugin installed and your website allows user registration, you are definitely at risk, and you should install the latest version as soon as possible.<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A SQL Injection vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely. WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":417,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-416","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-hacking-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack\" \/>\n<meta property=\"og:description\" content=\"A SQL Injection 
vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely. WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"HACKING TRAINER\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/hackingtrainerb9\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-01T11:23:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-11-18T08:37:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"728\" \/>\n\t<meta property=\"og:image:height\" content=\"380\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"HACKINGTRAINER.COM\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hackingtrainer\" \/>\n<meta name=\"twitter:site\" content=\"@hackingtrainer\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HACKINGTRAINER.COM\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\"},\"author\":{\"name\":\"HACKINGTRAINER.COM\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/754f8b3ea3ed040c72cf4965aff3ca02\"},\"headline\":\"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack\",\"datePublished\":\"2017-07-01T11:23:40+00:00\",\"dateModified\":\"2017-11-18T08:37:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\"},\"wordCount\":217,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png\",\"articleSection\":[\"LATEST HACKING NEWS\"],\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\",\"url\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\",\"name\":\"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection 
Attack\",\"isPartOf\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png\",\"datePublished\":\"2017-07-01T11:23:40+00:00\",\"dateModified\":\"2017-11-18T08:37:52+00:00\",\"author\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/754f8b3ea3ed040c72cf4965aff3ca02\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage\",\"url\":\"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png\",\"contentUrl\":\"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png\",\"width\":728,\"height\":380},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.hackingtrainer.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress Plugin Used 
by 300,000+ Sites Found Vulnerable to SQL Injection Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/#website\",\"url\":\"https:\/\/www.hackingtrainer.com\/resources\/\",\"name\":\"HACKING TRAINER\",\"description\":\"The Best Training Institute for Ethical Hacking\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.hackingtrainer.com\/resources\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/754f8b3ea3ed040c72cf4965aff3ca02\",\"name\":\"HACKINGTRAINER.COM\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4b94e509530c91def9d037254a5f5be19188209635bd0cd7b57ec92de81e5847?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4b94e509530c91def9d037254a5f5be19188209635bd0cd7b57ec92de81e5847?s=96&d=mm&r=g\",\"caption\":\"HACKINGTRAINER.COM\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/","og_locale":"en_US","og_type":"article","og_title":"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack","og_description":"A SQL Injection vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely. WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on [&hellip;]","og_url":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/","og_site_name":"HACKING TRAINER","article_publisher":"https:\/\/www.facebook.com\/hackingtrainerb9\/","article_published_time":"2017-07-01T11:23:40+00:00","article_modified_time":"2017-11-18T08:37:52+00:00","og_image":[{"width":728,"height":380,"url":"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png","type":"image\/png"}],"author":"HACKINGTRAINER.COM","twitter_card":"summary_large_image","twitter_creator":"@hackingtrainer","twitter_site":"@hackingtrainer","twitter_misc":{"Written by":"HACKINGTRAINER.COM","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#article","isPartOf":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/"},"author":{"name":"HACKINGTRAINER.COM","@id":"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/754f8b3ea3ed040c72cf4965aff3ca02"},"headline":"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack","datePublished":"2017-07-01T11:23:40+00:00","dateModified":"2017-11-18T08:37:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/"},"wordCount":217,"commentCount":0,"image":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png","articleSection":["LATEST HACKING NEWS"],"inLanguage":"en","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/","url":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/","name":"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection 
Attack","isPartOf":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png","datePublished":"2017-07-01T11:23:40+00:00","dateModified":"2017-11-18T08:37:52+00:00","author":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/754f8b3ea3ed040c72cf4965aff3ca02"},"breadcrumb":{"@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#primaryimage","url":"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png","contentUrl":"https:\/\/www.hackingtrainer.com\/resources\/wp-content\/uploads\/2017\/07\/wordpress-hacking-sql-injection.png","width":728,"height":380},{"@type":"BreadcrumbList","@id":"https:\/\/www.hackingtrainer.com\/resources\/wordpress-plugin-used-300000-sites-found-vulnerable-sql-injection-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hackingtrainer.com\/resources\/"},{"@type":"ListItem","position":2,"name":"WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection 
Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.hackingtrainer.com\/resources\/#website","url":"https:\/\/www.hackingtrainer.com\/resources\/","name":"HACKING TRAINER","description":"The Best Training Institute for Ethical Hacking","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hackingtrainer.com\/resources\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Person","@id":"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/754f8b3ea3ed040c72cf4965aff3ca02","name":"HACKINGTRAINER.COM","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/www.hackingtrainer.com\/resources\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4b94e509530c91def9d037254a5f5be19188209635bd0cd7b57ec92de81e5847?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4b94e509530c91def9d037254a5f5be19188209635bd0cd7b57ec92de81e5847?s=96&d=mm&r=g","caption":"HACKINGTRAINER.COM"}}]}},"_links":{"self":[{"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/posts\/416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/comments?post=416"}],"version-history":[{"count":0,"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/posts\/416\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/media\/417"}],"wp:attachment":[{"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/media?pare
nt=416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/categories?post=416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hackingtrainer.com\/resources\/wp-json\/wp\/v2\/tags?post=416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}