Vulnerable plugin in WordPress

Feb. 26, 2015

A vulnerability was detected in the WordPress plugin Slimstat in versions prior to 3.9.6. The "secret" key used to sign data sent to and from the visiting end user's computer is easily guessable. After breaking the secret key, an attacker can perform an SQL injection against the target website and obtain sensitive information from the victim's database. It is estimated that more than 1.3 million websites running on WordPress use this plugin.