Connect with us

Hi, what are you looking for?

Economy

Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

A crypto widget plugin for web content management system WordPress was named as a “critical cybersecurity risk” yesterday.

A security bulletin released by the Cyber Security Agency of Singapore (CSA) noted that a plugin called “The Cryptocurrency Widgets – Price Ticker & Coins List” has been identified as a cybersecurity risk and could potentially be exploited to extract sensitive information.

The crypto widget obtained a base score of 9.8/10, placing it in the “critical” group of vulnerabilities the CSA uses to refer to vulnerabilities with a minimum score of 9/10.

The Crypto Widget Plugin’s Vulnerabilities


The National Vulnerability Database (NVD), the U.S. government repository for standards-based vulnerability management data, said that the WordPress crypto plugin is susceptible to SQL Injection through the ‘coinslist’ parameter in versions 2.0 to 2.6.5.

This vulnerability arose from insufficient escaping on the user-supplied parameter and inadequate preparation on the existing SQL query. It permitted the extraction of sensitive information from the database, enabling unauthenticated attackers to add additional structured language queries to the existing ones.

According to the security firm CVE Program, the widget was supplied by a vendor identified as “narinder-singh,” and versions 2.0 through 2.6.5 were identified as containing the vulnerability.

Cybersecurity Risks Plaguing Crypto


Security vulnerabilities are becoming increasingly common in the crypto industry. Two weeks ago, Bitcoin ATM manufacturer Lamassu Industries addressed a vulnerability that, if exploited, could have provided hackers with “full control” over its Bitcoin ATMs.

Gabriel Gonzalez, Director of Hardware Security at IOActive, reported that the exploited vulnerabilities could have allowed the hackers to empty all funds from the ATM and manipulate the note reader to display inaccurate deposit amounts.

The vulnerability was discovered when a team of ethical hackers from the security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023. The researchers identified and exploited multiple vulnerabilities, ultimately gaining full control over the ATMs.

The post Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk appeared first on Cryptonews.

Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

Latest

Economy

Get your daily, bite-sized digest of blockchain and crypto news – investigating the stories flying under the radar of today’s news. In today’s crypto...

Economy

The amount of Bitcoin (BTC) held on Coinbase has plummeted by almost $1 billion worth of assets as whales move their holdings. New data...

Economy

Mumbai, the bustling financial hub of India, has introduced a metaverse initiative aimed at showcasing its latest and upcoming city-wide infrastructure megaprojects. Dubbed the Mumbai...

Economy

BlackRock, the world’s largest asset manager, has intensified its media advertising campaign for its recently launched iShares spot Bitcoin exchange-traded fund (ETF), framing the...

Economy

In an exclusive, gaming-focused interview with Cryptonews, the BLOCKLORDS game CEO David Johansson talked about the indestructible link between crypto and gaming. He told...

Economy

A recent study by a team of researchers from Europe and Asia explored the possibility of predicting positive outcomes in crypto market trading using...

You May Also Like

Financial Advisors

[#item_full_content]

Financial Advisors

[#item_full_content]

Financial Advisors

[#item_full_content]

Disclaimer: Respect Investment.com, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2024 Respect Investment. All Rights Reserved.