---
title: WP-Stats SQL Injection Vulnerability
date: 2006-01-18 00:48:28
permalink: https://lesterchan.net/blog/2006/01/18/wp-stats-sql-injection-vulnerability/
author: Lester Chan
excerpt: "There is a SQL injection vulnerability in wp-stats.php, which I've fixed by adding $wpdb->escape($string). Please download the latest version, WP-Stats 2.01, right now to stay protected. Apologies for the oversight; do update as soon as you can."
categories:
  - WordPress Plugins
tags:
  - vulnerability
  - wp-stats
---

There is a SQL Injection Vulnerability in wp-stats.php as stated in http://secunia.com/advisories/18471/

I have fixed the exploit by adding $wpdb->escape($string);

Please download the latest version of WP-Stats **NOW**, [WP-Stats 2.01](https://wordpress.org/plugins/wp-stats/)

Sorry about it.