
Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

Yesterday, the Cyber Security Agency of Singapore (CSA) highlighted a significant cybersecurity concern regarding a crypto widget plugin designed for the WordPress web content management system. The plugin in question, known as “The Cryptocurrency Widgets – Price Ticker & Coins List,” has been flagged as potentially vulnerable in a way that could expose sensitive information.

According to a security bulletin released by the CSA, the plugin received a base score of 9.8 out of 10, categorizing it as a “critical” risk. This places it within the highest tier of vulnerabilities, defined by the CSA as those scoring a minimum of 9 out of 10.

The Crypto Widget Plugin’s Vulnerabilities

The National Vulnerability Database (NVD), which serves as the U.S. government repository for standards-based vulnerability management data, has identified a critical vulnerability within the WordPress crypto plugin. Specifically, versions 2.0 to 2.6.5 of the plugin are susceptible to SQL Injection through the ‘coinslist’ parameter.

This vulnerability stems from inadequate handling of user-supplied input within the parameter, coupled with insufficient preparation of the existing SQL query. As a result, unauthenticated attackers can inject additional SQL queries alongside the existing ones and use them to extract sensitive information from the database.
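As an added illustration (not the plugin's code, which this page does not show), the Python sketch below reproduces the defect class described above against a hypothetical `coins` table in SQLite: a list-valued `coinslist` value pasted into the SQL text, beside one that is allow-listed and bound as parameters. The table and column names, the id pattern, and the idea that `coinslist` is a comma-separated list feeding an `IN (...)` clause are assumptions made for the example.

```python
import re
import sqlite3

# Constructed malformed value used only to show the difference in behaviour.
MALFORMED = "x') OR ('1'='1"
COIN_ID = re.compile(r"[a-z0-9-]{1,64}")  # assumed shape of a coin id

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coins (coin_id TEXT PRIMARY KEY, price REAL)")
    db.executemany("INSERT INTO coins VALUES (?, ?)",
                   [("bitcoin", 1.0), ("ethereum", 2.0), ("tezos", 3.0)])
    return db

def lookup_unprepared(db, coinslist):
    """Before: the request value is pasted into the SQL text, so quotes or
    parentheses inside it become part of the statement itself."""
    quoted = ",".join("'%s'" % c for c in coinslist.split(","))
    sql = "SELECT coin_id FROM coins WHERE coin_id IN (%s) ORDER BY coin_id" % quoted
    return [row[0] for row in db.execute(sql)]

def lookup_prepared(db, coinslist, max_items=50):
    """After: allow-list each item, then bind every item as a parameter.
    Only '?' placeholders are ever joined into the SQL text."""
    ids = [c.strip() for c in coinslist.split(",") if c.strip()]
    if not ids or len(ids) > max_items:
        raise ValueError("coinslist must contain 1..%d ids" % max_items)
    for c in ids:
        if not COIN_ID.fullmatch(c):
            raise ValueError("rejected coin id: %r" % c)
    placeholders = ",".join("?" * len(ids))  # "?,?,?" for three ids
    sql = "SELECT coin_id FROM coins WHERE coin_id IN (%s) ORDER BY coin_id" % placeholders
    return [row[0] for row in db.execute(sql, ids)]

def bind_only(db, raw_item):
    """Binding alone, with no allow-list, already keeps the value as data."""
    return db.execute("SELECT count(*) FROM coins WHERE coin_id IN (?)",
                      (raw_item,)).fetchone()[0]
```

With the constructed value, the unprepared lookup returns every row in the table, the prepared lookup raises `ValueError`, and the bound query matches nothing.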

Security firm CVE Program attributes the affected widget to a vendor named “narinder-singh,” with versions 2.0 through 2.6.5 confirmed to contain the vulnerability.

Cybersecurity Risks Plaguing Crypto

Security vulnerabilities are increasingly prevalent within the crypto industry, as evidenced by a recent incident involving Bitcoin ATM manufacturer Lamassu Industries. Just two weeks ago, the company addressed a critical vulnerability that, if exploited, could have granted hackers complete control over its Bitcoin ATMs.

Gabriel Gonzalez, Director of Hardware Security at IOActive, brought attention to the vulnerability, noting that it had the potential to allow hackers to empty all funds from the ATM and manipulate the note reader to display inaccurate deposit amounts.

The vulnerability came to light when a team of ethical hackers from the security firm IOActive conducted tests on Lamassu’s Bitcoin ATMs in 2023. Through their efforts, they uncovered and exploited multiple vulnerabilities, ultimately gaining full control over the ATMs.
