There is a SQL Injection Vulnerability in wp-stats.php as stated in http://secunia.com/advisories/18471/

I have fixed the exploit by adding $wpdb->escape($string);

Please download the latest version of WP-Stats NOW, WP-Stats 2.01

Sorry about it.