A vulnerability has been discovered in the popular WP Statistics plugin, which is installed on over 300,000 websites. The vulnerability is caused by a lack of sanitization of user-provided data, researchers said. The plugin allows site administrators to get detailed information about the number of users online on their sites, the number of visits and visitors, and page statistics. A remote attacker with at least a subscriber account could steal sensitive information from the website’s database and possibly gain unauthorized access to the affected sites.
Source: https://thehackernews.com/2017/06/wordpress-hacking-sql-injection.html