Critical Plugin Bug In WordPress WP-Slimstat Plugin
If your website is one of the million plus that is running WP-Slimstat version 3.9.5 or older get patching and then consider changing your passwords. The researchers over at Sucuri have found the plug in uses an encryption key that is easy to guess. This leaves your WordPress site open to a SQL injection attack and leak of your remote administration passwords and keys.
Link to the Sucuri blog post: http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html