---
title: WP-Stats SQL Injection Vulnerability
date: 2006-01-18 00:48:28
permalink: https://lesterchan.net/blog/2006/01/18/wp-stats-sql-injection-vulnerability/
author: Lester Chan
categories:
  - WordPress Plugins
tags:
  - vulnerability
  - wp-stats
---

There is a SQL Injection Vulnerability in wp-stats.php as stated in <http://secunia.com/advisories/18471/>

I have fixed the exploit by adding $wpdb-&gt;escape($string);

Please download the latest version of WP-Stats **NOW**, [WP-Stats 2.01](http://www.lesterchan.net/others/downloads.php?id=8)

Sorry about it.