"Explosive Vulnerability Found in WordPress Crypto Plugin, Potential for Sensitive Information Disclosure"

The Cyber Security Agency of Singapore (CSA) recently discovered a security vulnerability in a cryptocurrency-related plugin for the website development platform, WordPress. This vulnerability could potentially be exploited by malicious individuals to extract sensitive information.

According to the security advisory issued by the Singapore Computer Emergency Response Team (SingCERT), the plugin called “The Cryptocurrency Widgets – Price Ticker & Coins List” has been flagged for a critical security vulnerability.

As shown in the images above, the vulnerability score for this plugin is rated 9.8/10, classified as “critical,” which is the highest level in the vulnerability rating system.

Furthermore, the United States National Vulnerability Database (NVD) explains that this plugin on WordPress is provided by a vendor named “narinder-singh” and is susceptible to SQL injection attacks through the “coinslist” parameter in versions 2.0 to 2.6.5.

SQL injection attack is a type of internet attack where an attacker can manipulate the back-end database by inserting malicious SQL commands into database queries, bypassing security measures to access, modify, or delete data. In simple terms, this plugin’s vulnerability allows unauthorized attackers to extract sensitive information through SQL injection attacks.

It is recommended that relevant businesses or companies promptly check if their websites are using this plugin to avoid any potential harm.

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Successful Conclusion of CoinEx Taiwan’s 7th Anniversary Celebration, Embracing the Arrival of the Web3 Era Hand in Hand with Users

Since its establishment in 2017, CoinEx has been a professional cryptocurrency trading pla…