If you use WP Slimstat, you’ll want to make sure you’re using version 3.9.6 or later as Sucuri has discovered a severe SQL injection vulnerability in versions 3.9.5