"SQL injection vulnerability found in popular WordPpress plug in, again"

Researchers at Sucuri have discovered a SQL injection vulnerability within the WordPress plugin, WordPress Statistics, whilst performing a security assessment on popular open source products. The vulnerability arises with the injection of WordPress Statistics shortcode, as WordPress enables developers to create content, which can then be added into pages via the insertion of a shortcode. This vulnerability could be exploited to steal data. This article further discusses this vulnerability, the popularity of WordPress, and other vulnerabilities discovered within WordPress. 

SC UK reports "SQL injection vulnerability found in popular WordPpress plug in, again"