The problem stems from a weak key vulnerability in WP-Slimstat, a web analytics plugin for the content management system that’s been downloaded roughly 1.3 million times. The bug could enable an attacker to essentially guess the value of the key the plugin uses to sign data sent to and from the user. From there, one could stage a series of blind SQL injection attacks and glean information from the site’s database such as usernames, hashed passwords and WordPress Secret Keys.

    See more at: https://threatpost.com/more-than-1-million-wordpress-sites-open-to-sql-injection-attacks/111267

    How do you guarantee that you’ve fixed it? Is the source on Github for everyone to see it?
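The quoted article describes the bug class at a high level: the plugin signs data with a secret key, and the key is derived from something an attacker can narrow down. The following is an added illustration, written for this thread and not taken from WP-Slimstat or its author; the `weak_key` and `strong_key` derivations are assumptions made for the example and do not describe the plugin's actual code. It shows, from a reviewer's side, why a key derived from a bounded value (a constructed install timestamp) collapses to a small search once a single signed message is known, while a key from the OS CSPRNG does not, and why verification should use a constant-time compare.

```python
import hashlib
import hmac
import secrets

# Constructed illustration of the "weak signing key" bug class. The key
# derivation schemes below are assumptions for this example only; they are
# NOT WP-Slimstat's code and say nothing about how that plugin derives keys.


def sign(payload: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag over data exchanged with the browser."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify(payload: bytes, tag: str, key: bytes) -> bool:
    """Constant-time comparison, so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(sign(payload, key), tag)


def weak_key(install_ts: int) -> bytes:
    """Assumed weak scheme: key derived from a value an attacker can bound
    (an install timestamp). Hashing a guessable input adds no entropy."""
    return hashlib.md5(str(install_ts).encode()).digest()


def strong_key() -> bytes:
    """256 bits from the OS CSPRNG, generated once and stored; nothing to derive."""
    return secrets.token_bytes(32)


def audit_weak_key_work_factor(payload: bytes, tag: str, window: range):
    """Reviewer's check: if the key were derived from a timestamp lying in
    `window`, how many candidates does one captured (payload, tag) pair let
    someone test before the key is confirmed? Returns (recovered_ts, attempts)."""
    attempts = 0
    for ts in window:
        attempts += 1
        if verify(payload, tag, weak_key(ts)):
            return ts, attempts
    return None, attempts


def demo() -> dict:
    payload = b"site_id=1&visitor=abc"      # constructed sample data
    install_ts = 1_422_000_000               # constructed install timestamp
    window = range(install_ts - 1000, install_ts + 1000)

    # Weak key: a rough idea of when the site was set up bounds the search
    # to len(window) candidates, and the signature confirms the right one.
    weak_tag = sign(payload, weak_key(install_ts))
    recovered, attempts = audit_weak_key_work_factor(payload, weak_tag, window)

    # Strong key: the same search finds nothing, and the tag still rejects
    # tampered data.
    key = strong_key()
    strong_tag = sign(payload, key)
    not_found, _ = audit_weak_key_work_factor(payload, strong_tag, window)
    tamper_rejected = not verify(payload + b"&admin=1", strong_tag, key)

    return {
        "weak_recovered": recovered == install_ts,
        "weak_attempts": attempts,
        "strong_recovered": not_found is not None,
        "tamper_rejected": tamper_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the audit function is the size of `window`: with a timestamp-seeded key, the work to recover it is bounded by how well the seed can be estimated, which is why "calculated in a much safer way" should mean a stored random secret rather than a cleverer hash of a predictable input.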

Viewing 2 replies - 1 through 2 (of 2 total)
    Plugin Author Jason Crouse

    (@coolmann)

    No need to “summon” git, WordPress hosts the files on their svn repo:

    https://plugins.trac.www.ads-software.com/browser/wp-slimstat/trunk/wp-slimstat.php#L1107

    As you can see, the secret key is now calculated in a much safer way. And the code for maybe_insert_row has been updated as well. Plus, Sucuri has confirmed that the vulnerability has been patched:

    https://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html

    I believe they are a reputable source.

    One more thing: most sites said that the bug affects ONE million SITES. We hope to get there one day. However they fail to consider that the counter increases even when the same site downloads a plugin multiple times. Given that every new release is downloaded roughly “only” 30k times, I would be careful in speculating on such big numbers. Of course it makes the news much juicier to say one million sites.

    Last but not least, we patched Slimstat within 12 hours of receiving Marc’s email explaining the vulnerability, so we believe we don’t deserve a 1 star review. What do you say? ??

    Plugin Author Jason Crouse

    (@coolmann)

    It’s sad to see people rush here to post the “scoop” of the day, and then disappear when a reasonable explanation is provided. Oh well…
