Security Agents Warn of a Risky WordPress Crypto Plugin

The Cyber Security Agency of Singapore (CSA) has reportedly discovered a vulnerability in the “Cryptocurrency Widgets: Price Ticker & Coins List plugin” for WordPress, a web content management platform.

The CSA warned that the flaw in the plugin could expose sensitive user information. The National Vulnerability Database (NVD), which is a vulnerability management data repository of the U.S. government, claims that the WordPress crypto plugin is susceptible to SQL Injection via the ‘coinslist’ parameter.

High Risk in WordPress Crypto Plugin, Security Agents Warn

The flaw stems from insufficient escaping of the user-supplied parameter and insufficient preparation of the existing SQL query in versions 2.0 to 2.6.5.

The vulnerability could reportedly allow attackers to append additional Structured Query Language (SQL) queries to existing queries, enabling the extraction of sensitive data from the database.
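As an added illustration (not the plugin's code, which this article does not show), the Python/sqlite3 sketch below contrasts building an `IN (...)` list by string concatenation with binding each list item to its own placeholder. The table layout, function names, sample values and the assumption that `coinslist` is a comma-separated list are constructed for the example; in WordPress the binding step is done with `$wpdb->prepare()`.

```python
import sqlite3

# Constructed input: closes the quoted list and appends a second SELECT.
HOSTILE = "x') UNION SELECT pass_hash FROM users --"

def make_db():
    """Constructed toy schema: a public coins table and an unrelated users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE coins (symbol TEXT, price REAL);
        CREATE TABLE users (login TEXT, pass_hash TEXT);
        INSERT INTO coins VALUES ('BTC', 64000.0), ('ETH', 3100.0), ('BNB', 580.0);
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def coins_unsafe(db, coinslist):
    # Flaw pattern: the parameter is quoted by hand and concatenated into the
    # query text, so a quote inside it ends the string and the rest runs as SQL.
    quoted = "'" + coinslist.replace(",", "','") + "'"
    sql = "SELECT symbol FROM coins WHERE symbol IN (" + quoted + ") ORDER BY symbol"
    return [row[0] for row in db.execute(sql)]

def coins_prepared(db, coinslist):
    # Split the list in application code, then bind every item as data.
    # An IN list needs one placeholder per item; only the "?" marks are
    # formatted into the SQL text, never the values themselves.
    items = [s.strip() for s in coinslist.split(",") if s.strip()]
    if not items:
        return []
    marks = ",".join("?" * len(items))
    sql = f"SELECT symbol FROM coins WHERE symbol IN ({marks}) ORDER BY symbol"
    return [row[0] for row in db.execute(sql, items)]

if __name__ == "__main__":
    db = make_db()
    for fn in (coins_unsafe, coins_prepared):
        print(fn.__name__, fn(db, "BTC,ETH"), fn(db, HOSTILE))
```

Both functions return the same rows for a normal list; only the concatenating version returns a row from the unrelated `users` table when given the constructed input.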

The plugin was reportedly provided by Narinder Singh, who is purportedly a co-founder of CryptocurrencyPlugins by CoolPlugins.net. In addition, the plugin has had over 10,000 downloads and over 150 five-star reviews. However, it remains unknown how many users are impacted by versions 2.0 to 2.6.5.

Recent reports show that bad actors have adopted new techniques for attacking crypto platforms. One recent strategy involves distributing malware through BNB Chain’s smart contracts, specifically aimed at WordPress-powered websites.

Experts warn hackers may use smart contracts for anonymous, malicious hosting by embedding code to fetch payloads.


Disclaimer

The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted levels of risk tolerance of the writer/reviewers and their risk tolerance may be different than yours. We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments so please do your due diligence. Copyright Altcoin Buzz Pte Ltd.
