WP-Stats SQL Injection Vulnerability
There is a SQL injection vulnerability in wp-stats.php, which I've fixed by adding $wpdb->escape($string). Please download the latest version, WP-Stats 2.01, right now to stay protected. Apologies for the oversight; do update as soon as you can.