11 Nov 2021

CSRF/Settings Change Vulnerability in Visitor Traffic Real Time Statistics

A recent thread on the WordPress Support Forum claims the WordPress plugin Visitor Traffic Real Time Statistics led to a website being hacked. The claim isn’t backed up with any evidence, and claims like that are often incorrect, but we wanted to quickly check over the plugin to make sure it doesn’t currently contain an obvious issue that could cause that. What we immediately found was that the plugin isn’t properly secured, and it contains a minor vulnerability. Making the insecurity stand out more is that at the end of September, the developer claimed to have addressed the type of vulnerability we found, but hadn’t even made changes that should address it.

There appear to be other security issues in the plugin as well, so we would recommend not using the plugin unless the developer can show that they are able to properly secure the plugin.
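To make the vulnerability class in the title concrete, here is an added example of a WordPress plugin settings handler that is missing the checks a CSRF fix should add, beside the hardened form. It is not code from the Visitor Traffic Real Time Statistics plugin; the `vtrts_demo_*` function, option, action and nonce names are hypothetical.

```php
<?php
// Added example with a hypothetical plugin handler; not the code of the plugin discussed above.

// VULNERABLE pattern: saves options on any POST to admin-post.php?action=vtrts_demo_save.
// There is no nonce and no capability check, so a logged-in administrator who submits a
// form hosted on another site has the settings changed for them (CSRF).
function vtrts_demo_save_settings_unsafe() {
    update_option( 'vtrts_demo_tracking_enabled', isset( $_POST['tracking_enabled'] ) ? 1 : 0 );
    update_option( 'vtrts_demo_ignore_ips', sanitize_text_field( wp_unslash( $_POST['ignore_ips'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'admin.php?page=vtrts-demo&saved=1' ) );
    exit;
}

// HARDENED pattern: the capability check limits who may change settings, and a nonce
// bound to this specific action proves the request came from the plugin's own form.
function vtrts_demo_save_settings_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() calls wp_die() when the nonce is missing, invalid or expired.
    check_admin_referer( 'vtrts_demo_save_settings', 'vtrts_demo_nonce' );
    update_option( 'vtrts_demo_tracking_enabled', isset( $_POST['tracking_enabled'] ) ? 1 : 0 );
    update_option( 'vtrts_demo_ignore_ips', sanitize_text_field( wp_unslash( $_POST['ignore_ips'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'admin.php?page=vtrts-demo&saved=1' ) );
    exit;
}
add_action( 'admin_post_vtrts_demo_save', 'vtrts_demo_save_settings_safe' );

// The settings form must emit the matching nonce field, otherwise the hardened
// handler rejects the plugin's own submissions as well.
function vtrts_demo_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="vtrts_demo_save">';
    wp_nonce_field( 'vtrts_demo_save_settings', 'vtrts_demo_nonce' );
    echo '<label><input type="checkbox" name="tracking_enabled" value="1"> Enable tracking</label>';
    echo '<input type="text" name="ignore_ips" value="' . esc_attr( get_option( 'vtrts_demo_ignore_ips', '' ) ) . '">';
    submit_button( 'Save settings' );
    echo '</form>';
}
```

When reviewing a claimed CSRF fix, the check is whether the code path that actually writes the option now verifies a nonce (check_admin_referer() or wp_verify_nonce()) and a capability; a change elsewhere in the plugin does not address the issue.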