Cryptonews Blockchain News Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

Brian Yue
Brian Yue
Last updated: | 1 min read
Cybersecurity risk
Image by Brian Yue, Midjourney

A crypto widget plugin for the web content management system WordPress was named as a “critical cybersecurity risk” yesterday.

A security bulletin released by the Cyber Security Agency of Singapore (CSA) noted that a plugin, called “The Cryptocurrency Widgets – Price Ticker & Coins List” has been identified as a cybersecurity risk and could potentially be exploited to extract sensitive information.

The crypto widget obtained a base score of 9.8/10, placing it in the “critical” group of vulnerabilities the CSA uses to refer to vulnerabilities with a minimum score of 9/10.

The Crypto Widget Plugin’s Vulnerabilities


The National Vulnerability Database (NVD), the U.S. government repository for standards-based vulnerability management data, said that the WordPress crypto plugin is susceptible to SQL Injection through the ‘coinslist’ parameter in versions 2.0 to 2.6.5.

This vulnerability arose from insufficient escaping on the user-supplied parameter and inadequate preparation on the existing SQL query. It permitted the extraction of sensitive information from the database, enabling unauthenticated attackers to add additional structured language queries to the existing ones.

According to the security firm CVE Program, the widget was supplied by a vendor identified as “narinder-singh,” and versions 2.0 through 2.6.5 were identified as containing the vulnerability.

Cybersecurity Risks Plaguing Crypto


Security vulnerabilities are becoming increasingly common in the crypto industry. Two weeks ago, Bitcoin ATM manufacturer Lamassu Industries addressed a vulnerability that, if exploited, could have provided hackers with “full control” over its Bitcoin ATMs.

Gabriel Gonzalez, Director of Hardware Security at IOActive, reported that the exploited vulnerabilities could have allowed the hackers to empty all funds from the ATM and manipulate the note reader to display inaccurate deposit amounts.

The vulnerability was discovered when a team of ethical hackers from the security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023. The researchers identified and exploited multiple vulnerabilities, ultimately gaining full control over the ATMs.

Cybersecurity Hack wordpress

Most Popular

Altcoin News
Armenian Officials Trained on Essential Techniques and Tools for Effective Crypto-Crime Investigations
Blockchain News
Real-World Data Unlocks the True Value of Tokenization: Chainlink
Altcoin News
Stripe to Resume Crypto Payments, Starting with USDC Stablecoin on Numerous Blockchains
News
DCG Boosts Legal Arsenal with First Chief Hire During New York AG Dispute
Altcoin News
Pantera Capital Seeks to Raise $1 Billion for New Fund Offering Exposure to Crypto Assets
Bitcoin News
Bitcoin Price Prediction as ‘Bitcoin Halving’ Executes Successfully – Will a New Bull Market Start Now?

Latest news

Altcoin News
Data Indicates Stablecoins Are Becoming A Global Asset Class
Bitcoin News
Bitcoin Price Chops Either Side of $64,000 Following Latest US Inflation Report – Here’s What You Need To Know
Blockchain News
CryptoQuant CEO Supports Crypto Mixing, Says It’s Not A Crime
Ethereum News
$510 Million in Ethereum Longs at Risk Amid Potential Weekend Volatility – Massive Price Swing Incoming?
Bitcoin News
Crypto Billionaire Arthur Hayes Predicts Bitcoin Bull Run to Return After $1.4 Trillion US Liquidity Spike
Blockchain News
Elizabeth Warren-Challenger John Deaton to File Brief in Support of Coinbase Appeal in SEC Case Today: Fox
Bitcoin News
Bitcoin Price Prediction as BTC Climbs to $64,226 Amidst Positive Market Trends – Time to Buy

Similar News