- The Cyber Security Agency of Singapore warns of a critical vulnerability in the "Cryptocurrency Widgets – Price Ticker & Coins List" plugin for WordPress, which threatens sensitive information.
- The vulnerability allows attackers to execute SQL injection attacks via the 'coinslist' parameter, potentially compromising the security of websites using versions 2.0 through 2.6.5 of the plugin.
- The NVD also raises concerns about cybersecurity risks associated with vulnerabilities in certain versions of Bitcoin Core and Bitcoin Knots.
The cryptocurrency widget "Price Ticker & Coins List" within WordPress, a web content management system, has been flagged for a critical vulnerability that could potentially expose sensitive data, as detailed in a security alert by the Cyber Security Agency of Singapore (CSA).
This alert applies to versions 2.0 through 2.65 of the plugin, as per the cybersecurity program CVE. The vendor of these versions was identified as "narinder-singh".
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is Ethereum Classic & ETC Coin? (Animated Explainer)
The vulnerability, as described by the National Vulnerability Database (NVD), stems from a SQL Injection flaw within the plugin's 'coinslist' parameter. This flaw exposes websites to potential exploitation by allowing attackers to inject malicious SQL queries, compromising the integrity of the website's database and potentially leading to an extraction of sensitive information.
SingCERT, the Singapore Cyber Emergency Response Team, has issued a security bulletin emphasizing the severity of this vulnerability, rating it at a staggering 9.8/10 on the severity scale. This underscores the significant risks posed to websites that use the plugin.
Despite efforts to patch and update versions that are susceptible to the vulnerability, websites using them remain at risk of exploitation.
Websites employing the "Price Ticker & Coins List" plugin for WordPress must promptly address the SQL Injection flaw to mitigate potential exposure of sensitive data. Immediate action is essential to safeguard against unauthorized access and uphold cybersecurity standards.