WP Statistics, a plugin used by over 600,000 WordPress sites, has a SQL-injection security flaw that could enable site visitors to steal emails, passwords, credit card information, and other sensitive information from web databases.
The high-severity bug, tracked as CVE-2021-24340 and rated 7.5 on the CVSS scale, was discovered in Wordfence’s “Pages” feature, which allows administrators to view the pages that have received the most traffic. The feature sends the data to a back-end database via SQL queries, but unauthenticated attackers can use it to run their own queries and steal sensitive data.
To Read More: threatpost