Connect with us

Hi, what are you looking for?

Editor's Pick

Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk

A crypto widget plugin for web content management system WordPress was named as a “critical cybersecurity risk” yesterday.

A security bulletin released by the Cyber Security Agency of Singapore (CSA) noted that a plugin called “The Cryptocurrency Widgets – Price Ticker & Coins List” has been identified as a cybersecurity risk and could potentially be exploited to extract sensitive information.

The crypto widget obtained a base score of 9.8/10, placing it in the “critical” group of vulnerabilities the CSA uses to refer to vulnerabilities with a minimum score of 9/10.

The Crypto Widget Plugin’s Vulnerabilities

The National Vulnerability Database (NVD), the U.S. government repository for standards-based vulnerability management data, said that the WordPress crypto plugin is susceptible to SQL Injection through the ‘coinslist’ parameter in versions 2.0 to 2.6.5.

This vulnerability arose from insufficient escaping on the user-supplied parameter and inadequate preparation on the existing SQL query. It permitted the extraction of sensitive information from the database, enabling unauthenticated attackers to add additional structured language queries to the existing ones.

According to the security firm CVE Program, the widget was supplied by a vendor identified as “narinder-singh,” and versions 2.0 through 2.6.5 were identified as containing the vulnerability.

Cybersecurity Risks Plaguing Crypto

Security vulnerabilities are becoming increasingly common in the crypto industry. Two weeks ago, Bitcoin ATM manufacturer Lamassu Industries addressed a vulnerability that, if exploited, could have provided hackers with “full control” over its Bitcoin ATMs.

Gabriel Gonzalez, Director of Hardware Security at IOActive, reported that the exploited vulnerabilities could have allowed the hackers to empty all funds from the ATM and manipulate the note reader to display inaccurate deposit amounts.

The vulnerability was discovered when a team of ethical hackers from the security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023. The researchers identified and exploited multiple vulnerabilities, ultimately gaining full control over the ATMs.

The post Crypto Widget WordPress Plugin Flagged as “Critical” Cybersecurity Risk appeared first on Cryptonews.

You May Also Like

Editor's Pick

As decentralized naming systems gain traction, Ethereum Name Service has seen ENS price double, leaving some FOMO investors asking is it too late to...

Economy

How can Forex crash? Forex market crash history Fact that the Forex is one of the most volatile and most profitable markets in the...

Editor's Pick

Colorado-based pastor Eligio “Eli” Regalado and his wife, Kaitlyn, are facing legal action after allegedly defrauding investors of millions of dollars through the sale...

Stock

Enthusiasm is needed to drive an uptrend, but sometimes enthusiasm can go too far. That is why technical analysts like to use various sentiment...

Disclaimer: happyretirementstories.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


Copyright © 2024 happyretirementstories.com