The Cyber Security Agency of Singapore (CSA) has reportedly discovered a vulnerability in the “Cryptocurrency Widgets: Price Ticker & Coins List plugin” for WordPress, a web content management platform.
The CSA warned that the flaw in the plugin could expose sensitive user information. The National Vulnerability Database (NVD), the U.S. government's repository of vulnerability management data, states that the WordPress crypto plugin is susceptible to SQL injection via the ‘coinslist’ parameter.
High Risk in WordPress Crypto Plugin, Security Agents Warn
The flaw stems from inadequate escaping of the user-supplied parameter and inadequate preparation of the existing SQL query in versions 2.0 to 2.6.5.
This #WordPress #crypto widget plugin can leak sensitive information :
According to the security firm CVE Program, the “Cryptocurrency Widgets – Price Ticker & Coins List plugin” WordPress widget carries a critical vulnerability from versions 2.0 through 2.6.5.
The Cyber Security… pic.twitter.com/99UCS3Mcsf— TOBTC (@_TOBTC) February 8, 2024
The vulnerability could reportedly allow attackers to append additional Structured Query Language (SQL) queries to existing queries, enabling the extraction of sensitive data from the database.
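The flaw class described above, a request value pasted into the query text instead of being bound to a prepared statement, shown as an added example that is not the plugin's code. The table, column and function names are hypothetical, the data and input are constructed, and Python's sqlite3 stands in for the WordPress database layer.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coins (symbol TEXT, price REAL, enabled INTEGER)")
    db.executemany(
        "INSERT INTO coins VALUES (?, ?, ?)",
        [("BTC", 43000.0, 1), ("ETH", 2300.0, 1), ("HIDDEN", 1.0, 0)],
    )
    return db


def lookup_vulnerable(db, coinslist):
    # Flawed pattern: each item is wrapped in quotes and pasted into the
    # SQL text, so a quote inside the input ends the string literal and
    # whatever follows is parsed as part of the query.
    quoted = ",".join("'%s'" % s for s in coinslist.split(","))
    sql = "SELECT symbol FROM coins WHERE enabled = 1 AND symbol IN (%s)" % quoted
    return [row[0] for row in db.execute(sql)]


def lookup_prepared(db, coinslist):
    # Fixed pattern: the SQL text contains only placeholders, one per item,
    # and the values are bound separately, so they are always compared as
    # data and can never change the structure of the query.
    symbols = coinslist.split(",")
    marks = ",".join("?" for _ in symbols)
    sql = "SELECT symbol FROM coins WHERE enabled = 1 AND symbol IN (%s)" % marks
    return [row[0] for row in db.execute(sql, symbols)]


# Constructed input that closes the string literal and adds its own condition.
TAMPERED = "BTC') OR ('1'='1"
```

With the constructed input, the concatenating version returns every row, including the one the `enabled = 1` filter was meant to hide, while the bound version looks for a symbol with that literal name and finds nothing.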
The plugin was reportedly provided by Narinder Singh, who is purportedly a co-founder of CryptocurrencyPlugins by CoolPlugins.net. In addition, the plugin has had over 10,000 downloads and over 150 five-star reviews. However, it remains unknown how many users are impacted by versions 2.0 to 2.6.5.
Recent reports show that bad actors have adopted new techniques for attacking crypto platforms. One recent strategy involves distributing malware through BNB Chain’s smart contracts, specifically aimed at WordPress-powered websites.
Experts warn hackers may use smart contracts for anonymous, malicious hosting by embedding code to fetch payloads.
Copyright Altcoin Buzz Pte Ltd.