Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

Yesterday, the Cyber Security Agency of Singapore (CSA) highlighted a significant cybersecurity concern regarding a crypto widget plugin designed for the WordPress web content management system. The plugin in question, known as “The Cryptocurrency Widgets – Price Ticker & Coins List,” has been flagged as containing a vulnerability capable of exposing sensitive information.

According to a security bulletin released by the CSA, the plugin received a base score of 9.8 out of 10, categorizing it as a “critical” risk. This places it within the highest tier of vulnerabilities, defined by the CSA as those scoring a minimum of 9 out of 10.

The Crypto Widget Plugin’s Vulnerabilities

The National Vulnerability Database (NVD), which serves as the U.S. government repository for standards-based vulnerability management data, has identified a critical vulnerability within the WordPress crypto plugin. Specifically, versions 2.0 to 2.6.5 of the plugin are susceptible to SQL Injection through the ‘coinslist’ parameter.

This vulnerability stems from insufficient escaping of user-supplied input in the ‘coinslist’ parameter, coupled with insufficient preparation of the existing SQL query. As a result, unauthenticated attackers can append additional SQL queries to the existing query and use them to extract sensitive information from the database.
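The pattern described above, shown as an added example that is not the plugin's code and not part of the original article: a list-valued request parameter pasted into an `IN (...)` clause, next to the version that validates each item and binds the values. Python's `sqlite3` stands in for the WordPress database layer; the table, column and function names, the id format and the sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

COIN_ID = re.compile(r"[a-z0-9-]{1,40}")  # assumed id format, used as an allowlist


def make_db():
    """Constructed sample data standing in for a plugin's coin table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coins (coin_id TEXT PRIMARY KEY, price REAL)")
    db.executemany(
        "INSERT INTO coins VALUES (?, ?)",
        [("bitcoin", 30000.0), ("ethereum", 1900.0), ("litecoin", 90.0)],
    )
    return db


def lookup_unprepared(db, coinslist):
    """Vulnerable pattern: request text becomes part of the SQL string."""
    quoted = ",".join("'%s'" % c for c in coinslist.split(","))
    sql = "SELECT coin_id FROM coins WHERE coin_id IN (%s) ORDER BY coin_id" % quoted
    return [row[0] for row in db.execute(sql)]


def lookup_prepared(db, coinslist, validate=True):
    """Hardened pattern: allowlist each item, then bind values as parameters."""
    ids = [c.strip() for c in coinslist.split(",") if c.strip()]
    if not ids or len(ids) > 50:
        raise ValueError("invalid coinslist")
    if validate and not all(COIN_ID.fullmatch(c) for c in ids):
        raise ValueError("invalid coinslist")
    marks = ",".join("?" * len(ids))  # one placeholder per value, never the value itself
    sql = "SELECT coin_id FROM coins WHERE coin_id IN (%s) ORDER BY coin_id" % marks
    return [row[0] for row in db.execute(sql, ids)]


if __name__ == "__main__":
    db = make_db()
    hostile = "x') OR ('1'='1"  # constructed input containing quote characters
    print(lookup_unprepared(db, hostile))                # query logic is altered
    print(lookup_prepared(db, hostile, validate=False))  # value is compared as plain text
    print(lookup_prepared(db, "bitcoin,ethereum"))
```

With `validate=False` the bound query alone already treats the input as data; the allowlist is a second layer that rejects malformed requests before they reach the database.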

Security firm CVE Program attributes the affected widget to a vendor named “narinder-singh,” with versions 2.0 through 2.6.5 confirmed to contain the vulnerability.

Cybersecurity Risks Plaguing Crypto

Security vulnerabilities are increasingly prevalent within the crypto industry, as evidenced by a recent incident involving Bitcoin ATM manufacturer Lamassu Industries. Just two weeks ago, the company addressed a critical vulnerability that, if exploited, could have granted hackers complete control over its Bitcoin ATMs.

Gabriel Gonzalez, Director of Hardware Security at IOActive, brought attention to the vulnerability, noting that it had the potential to allow hackers to empty all funds from the ATM and manipulate the note reader to display inaccurate deposit amounts.

The vulnerability came to light when a team of ethical hackers from the security firm IOActive conducted tests on Lamassu’s Bitcoin ATMs in 2023. Through their efforts, they uncovered and exploited multiple vulnerabilities, ultimately gaining full control over the ATMs.
