A plugin for the WordPress content management platform has been discovered to contain a critical vulnerability that affects over one million WordPress websites and, if exploited, can result in attackers hijacking those sites.
The vulnerability is in the WP-Slimstat plugin, which is very popular and is used by about 1.3 million users. The free Search Engine Optimization (SEO) plugin gives users access to a real-time activity log, server latency, heatmaps, email reports, and the ability to export data to Excel.
Versions of WP-Slimstat prior to the latest release, Slimstat 3.9.6, contain an easily guessable secret key. A secret key is a mathematically generated password, known only to trusted entities, that is used for encryption and decryption so that information can be sent securely to a designated recipient.
The danger of a weak secret key is that it can be easily guessed using a computer with the CPU power available to consumers. The key is converted to an MD5 hash, which can be accessed through an SQL injection attack (inserting SQL database commands into a text box to confuse and break the database, giving an attacker a path to sensitive information). Once an attacker has the MD5 hash, the key can be recovered by an algorithm that attempts to guess 30 million random strings, a process that takes only about 10 minutes. From there, the hacker has everything stored in the database, from administrator passwords to website user records.
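The arithmetic behind that estimate, next to what a hard-to-guess key looks like, as an added example that is not code from WP-Slimstat or from the original article. It assumes the key is used to authenticate request data; the function names and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets

# Figures taken from the article: 30 million guesses in about 10 minutes.
ARTICLE_GUESSES = 30_000_000
ARTICLE_SECONDS = 10 * 60

def keyspace_bits(candidates: int) -> float:
    """Entropy in bits of a key drawn uniformly from `candidates` values."""
    return math.log2(candidates)

def worst_case_seconds(bits: float, guesses_per_second: float) -> float:
    """Time to try every key in a keyspace of 2**bits at the given rate."""
    return 2.0 ** bits / guesses_per_second

def new_secret_key(num_bytes: int = 32) -> bytes:
    """Hardened form: the key comes from the OS CSPRNG, not from guessable data."""
    return secrets.token_bytes(num_bytes)

def sign(key: bytes, payload: bytes) -> str:
    """HMAC-SHA256 tag over the payload (signing use is this example's assumption)."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify(key: bytes, payload: bytes, tag: str) -> bool:
    """Constant-time comparison, so the check does not leak tag bytes via timing."""
    return hmac.compare_digest(sign(key, payload), tag)

def report() -> dict:
    """Compare the article's guessable keyspace with a 256-bit random key."""
    rate = ARTICLE_GUESSES / ARTICLE_SECONDS       # guesses per second
    weak_bits = keyspace_bits(ARTICLE_GUESSES)     # roughly 25 bits
    strong_bits = 8 * len(new_secret_key())        # 256 bits
    year = 365 * 24 * 3600
    return {
        "rate": rate,
        "weak_bits": weak_bits,
        "weak_seconds": worst_case_seconds(weak_bits, rate),
        "strong_bits": strong_bits,
        "strong_years": worst_case_seconds(strong_bits, rate) / year,
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.3g}")
```

At the guess rate the article implies, the weak keyspace is exhausted in the stated 10 minutes, while a 256-bit random key is out of reach at any realistic rate.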
Any user of WordPress’ content management system is strongly advised to upgrade their website to the latest version of WP-Slimstat in order to stay protected. The latest version can be found: