Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

Author: Brian Yue


A crypto widget plugin for the web content management system WordPress was named as a “critical cybersecurity risk” yesterday.

A security bulletin released by the Cyber Security Agency of Singapore (CSA) noted that a plugin called “The Cryptocurrency Widgets – Price Ticker & Coins List” has been identified as a cybersecurity risk and could potentially be exploited to extract sensitive information.

The crypto widget obtained a base score of 9.8/10, placing it in the “critical” category, which the CSA uses for vulnerabilities with a minimum score of 9/10.

The Crypto Widget Plugin’s Vulnerabilities

The National Vulnerability Database (NVD), the U.S. government repository for standards-based vulnerability management data, said that the WordPress crypto plugin is susceptible to SQL Injection through the ‘coinslist’ parameter in versions 2.0 to 2.6.5.

This vulnerability arose from insufficient escaping of the user-supplied parameter and inadequate preparation of the existing SQL query. It allowed unauthenticated attackers to append additional SQL queries to the existing ones and, in doing so, extract sensitive information from the database.
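The flaw class described above, shown as an added example that is not the plugin's code: a list-style request parameter spliced into an `IN (...)` clause, next to a version that validates each item and binds it as a query parameter. The table, column and function names are hypothetical, the sample data is constructed, and Python with SQLite stands in for the plugin's PHP and MySQL.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coins (coin_id TEXT, price REAL)")
    db.executemany(
        "INSERT INTO coins VALUES (?, ?)",
        [("bitcoin", 97000.0), ("ethereum", 2600.0), ("litecoin", 110.0)],
    )
    return db

def lookup_unsafe(db, coinslist):
    # Flawed pattern: the request value becomes part of the SQL text, so a
    # quote character inside it ends the string literal and whatever follows
    # is parsed as SQL instead of data.
    quoted = ",".join("'%s'" % c for c in coinslist.split(","))
    sql = ("SELECT coin_id, price FROM coins "
           "WHERE coin_id IN (%s) ORDER BY coin_id" % quoted)
    return db.execute(sql).fetchall()

# Allowlist for one list item: lowercase slug characters only (an assumption
# about what a coin identifier looks like).
COIN_ID = re.compile(r"[a-z0-9-]{1,64}")
MAX_ITEMS = 50

def lookup_safe(db, coinslist):
    # 1) Validate each item against the allowlist and cap the list length.
    ids = [c.strip() for c in coinslist.split(",")]
    ids = [c for c in ids if COIN_ID.fullmatch(c)][:MAX_ITEMS]
    if not ids:
        return []
    # 2) Build only the placeholders dynamically; the values are bound by the
    #    driver and never become part of the SQL text.
    placeholders = ",".join("?" for _ in ids)
    sql = ("SELECT coin_id, price FROM coins "
           "WHERE coin_id IN (%s) ORDER BY coin_id" % placeholders)
    return db.execute(sql, ids).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x') OR ('1'='1"   # constructed input containing quote characters
    print("unsafe:", lookup_unsafe(db, crafted))   # query logic is altered
    print("safe:  ", lookup_safe(db, crafted))     # item rejected, no rows
```

In WordPress code the equivalent binding step is done with `$wpdb->prepare()` and `%s` placeholders, one per list item.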

According to the security firm CVE Program, the widget was supplied by a vendor identified as “narinder-singh,” and versions 2.0 through 2.6.5 were identified as containing the vulnerability.

Cybersecurity Risks Plaguing Crypto

Security vulnerabilities are becoming increasingly common in the crypto industry. Two weeks ago, Bitcoin ATM manufacturer Lamassu Industries addressed a vulnerability that, if exploited, could have provided hackers with “full control” over its Bitcoin ATMs.

Gabriel Gonzalez, Director of Hardware Security at IOActive, reported that the exploited vulnerabilities could have allowed the hackers to empty all funds from the ATM and manipulate the note reader to display inaccurate deposit amounts.

The vulnerability was discovered when a team of ethical hackers from the security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023. The researchers identified and exploited multiple vulnerabilities, ultimately gaining full control over the ATMs.
