This vulnerability is caused by the lack of sanitization in user-provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation.
They were on version 12.0.5 to fix a vulnerability reported [wpvulndb.com] for the same plugin in April and this one is updated/patched in version 12.0.8 (which is the current version) so there have been 3 other issues since April? Maybe just 'improvements'? I see none reported since April so this is good to know. It looks less reliable than I had thought. I don't use it but it is used on a site I work on. Might be time to be looking for some other way to gather statistics. :(
ergophobe
12:15 am on Jul 6, 2017 (gmt 0)
I thought this was deprecated in favor of Jetpack stats.
[edit]This is the one from the WP-Statistics team, not the one from the WordPress team. My bad [/edit]