Anyone hosting their own blog and running the WordPress.com Stats plugin should update the plugin to version 1.1.1 immediately or apply the patch below. A critical SQL injection vulnerability was found and fixed. The bug could allow an attacker to steal administrative credentials. (WordPress.com bloggers are not affected.)
Most users will want to download the latest version and simply copy the new files directly over the old ones. Subversion users may do `svn up`. Advanced users may apply the patch manually.
Thanks to Alex Concha who found and reported the bug to me. He also provided the fix.
July 27, 2007 at 2:19 pm
[...] has posted an update to the WordPress.com Stats Plugin. This is a security sensitive update, so if you’ve got an [...]
www dot james mckay dot net » I could have told you this would happen... Says: July 27, 2007 at 2:39 pm
[...] the vulnerability has been fixed, but it is this kind of bug that I was talking about earlier today. With a solid, well thought out [...]
Stats Plugin Vulnerability | Crucial Thought Says: July 27, 2007 at 4:53 pm
[...] here. Tags:stat [...]
July 27, 2007 at 5:03 pm
Thanks!
July 27, 2007 at 5:09 pm
Question: what if we didn’t upgrade to 1.1? Are we at risk?
Top Posts « WordPress.com Says: July 27, 2007 at 6:59 pm
[...] Stats Plugin Vulnerability Anyone hosting their own blog and running the WordPress.com Stats plugin should update the plugin to version 1.1.1 […] [...]
» Wp-Plugin WordPress.com Stats » WordPress Italy Says: July 27, 2007 at 7:07 pm
[...] Here to download [...]
July 27, 2007 at 11:03 pm
Is it just me, or is there a tiny smile watching over me on the side of the new iframe? I see you smiley!
Worpress.com Stats Plugin Vulnerability : JaypeeOnline | Blogging News & Reviews Says: July 27, 2007 at 11:16 pm
[...] Skelton, one of the plugin developer’s talks about it in his blog: Anyone hosting their own blog and running the WordPress.com Stats plugin should update [...]
WordPress.com Stats Plugin 1.1 - pestaola.gr Says: July 28, 2007 at 3:13 am
[...] A problem was found and it is a good idea to upgrade to version WordPress.com Stats Plugin 1.1.1 Tags: Automattic, pestaola, plugin, software, stats, wordpress, wordpress+stats [...]
July 28, 2007 at 9:01 am
I upgraded
WordPress.com Stats Plugin Version 1.1.1 « Kirin Lin Says: July 28, 2007 at 9:08 am
[...] 's post "Stats Plugin Vulnerability" has a detailed explanation; everyone, please remember to update. Share This Author: Kirin Lin | [...]
Wordpress.com Stats Plugin: Upgrade to version 1.1.1 | InvestorBlogger Says: July 28, 2007 at 11:17 am
[...] Thanks to WordPress.com and the stats plugin, I was able to confirm yesterday that my Google Stats was somehow borked. Now, I’ve updated the plugin as requested. [...]
July 28, 2007 at 11:50 am
@Jonathan: yes, unless you manually fix the problem.
PandaCube - A Digital Notebook » Blog Archive » Critical Update on WordPress.com Stats Plugin Says: July 28, 2007 at 9:03 pm
[...] updated version of WordPress.com Stats Plugin 1.1 is available now. A critical SQL vulnerability was found and fixed so anyone who is using the [...]
July 29, 2007 at 5:54 am
Is it intended that I don’t see the ‘Blog Stats’ link in my dashboard when I’m not logged in as administrator? As a normal user (even editor) I still just have the ‘Visit your Global Dashboard to see your blog stats.’-link there.
Actually I don’t want to be logged in as admin all the time :/
Critical Update for WordPress Self Hosted Blog Stats « A Guilty Pleasure Says: July 30, 2007 at 12:44 pm
[...] Stats Plugin Vulnerability « Andy Skelton [...]
Wordpress Plugin: Wordpress Stats Update to v1.1.1 at The OS Quest Says: July 30, 2007 at 10:22 pm
[...] WordPress Stats Version 1.1.1 was released soon after. It plugs a critical SQL injection security vulnerability. [...]