WP-Stats Plugin Vulnerability: An SQL injection vulnerability has been found in the plugin WP-Stats version 2.x where the author parameter is not sanitized before it is used. At the time of writing, I am not sure which WP-Stats Secunia is talking about. However, if you use version 2.x of this plugin, please disable it till a patch is developed. [EDIT]: See here for the new version that fixes the vulnerability. Thanks Ronald.