plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. Unauthenticated attackers can hijack the function to perform their own queries, in order to purloin sensitive info. The plugin s developer has released a patch with version 13.0.8, so site administrators should update as quickly as possible. A similar bug was found earlier in May, which impacted the Spam protection, AntiSpam, FireWall by CleanTalk plugin, which is installed on more than 100,000 sites.
Source: https://threatpost.com/wp-statistics-attackers-data-wordpress/166386/