This WordPress Crypto Widget plugin may leak sensitive information.


Singapore's Cyber Security Agency (CSA) has highlighted a vulnerability in a crypto widget plugin for the web development platform WordPress that could be used to extract confidential information.

A security bulletin released by the Singapore Cyber Emergency Response Team (SingCERT) warned against a plugin named “Cryptocurrency Widgets – Price Ticker and List of Coins”, flagging it for critical vulnerabilities.

SingCERT's Security Bulletin includes a list of vulnerabilities in the WordPress Crypto Widget. Source: csa.gov.sg

As seen above, the crypto widget received a base score of 9.8/10, which rates it “Critical”, the high end of the severity scale.

According to the National Vulnerability Database (NVD), the United States government's repository of standards-based vulnerability management data, the WordPress plugin is vulnerable to SQL injection via the ‘coinslist' parameter in versions 2.0 through 2.6.5, due to insufficient escaping of the user-supplied parameter and a lack of adequate preparation of the existing SQL query.

WordPress Widget “Cryptocurrency Widgets – Price Ticker and List of Coins Plugin” Security Risk. Source: nvd.nist.gov

The vulnerability could allow unauthenticated attackers to append additional structured query language (SQL) queries to existing queries and so extract sensitive information from the database.
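The two failings NVD names, hand-rolled escaping and an unprepared query, can be contrasted with the fix in a small added example; this is not the plugin's code. It uses Python's `sqlite3` as a stand-in database, and the comma-separated `coinslist` format, the table names and all rows are assumptions constructed for illustration.

```python
import re
import sqlite3

SYMBOL = re.compile(r"[A-Za-z0-9]{1,10}")  # assumed allow-list for ticker symbols
# Constructed hostile value: closes the IN list, then appends a second query.
HOSTILE = "x') UNION SELECT * FROM users --"

def make_db():
    """In-memory database with constructed rows (not the plugin's schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE coins (symbol TEXT, price REAL);
        INSERT INTO coins VALUES ('BTC', 43000.0), ('ETH', 2300.0), ('XRP', 0.62);
        CREATE TABLE users (login TEXT, pass_hash TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def lookup_unsafe(db, coinslist):
    """Anti-pattern: the raw parameter is quoted by hand and concatenated."""
    quoted = ",".join("'" + s + "'" for s in coinslist.split(","))
    return db.execute(
        "SELECT symbol, price FROM coins WHERE symbol IN (" + quoted + ")"
    ).fetchall()

def lookup_prepared(db, coinslist):
    """Prepared statement: one bound placeholder per list item, so the
    values never become part of the SQL text."""
    symbols = [s.strip() for s in coinslist.split(",")]
    marks = ",".join("?" for _ in symbols)
    return db.execute(
        f"SELECT symbol, price FROM coins WHERE symbol IN ({marks})", symbols
    ).fetchall()

def lookup_validated(db, coinslist):
    """Allow-list validation in front of the prepared query."""
    symbols = [s.strip() for s in coinslist.split(",")]
    if not all(SYMBOL.fullmatch(s) for s in symbols):
        raise ValueError("coinslist contains an invalid symbol")
    return lookup_prepared(db, ",".join(symbols))

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, HOSTILE))    # rows from the users table leak
    print(lookup_prepared(db, HOSTILE))  # payload is compared as data
```

In WordPress itself the equivalent of the bound query is `$wpdb->prepare()` with one placeholder per list item.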

According to the security firm CVE Program, the widget was supplied by a vendor named “Narinder-Singh” and versions 2.0 to 2.6.5 were found to carry the vulnerability.


On December 9, 2023, NVD flagged Bitcoin (BTC) inscriptions as a cyber security threat.

According to the database record, the data carrier limit can be bypassed in some versions of Bitcoin Core and Bitcoin Knots by disguising data as code. “In 2022 and 2023, Inscription was exploited in the wild,” the document says.

Bitcoin vulnerabilities are listed in the Common Vulnerabilities and Exposures (CVE) system. Source: CVE Records

NVD's website cites a recent X post from Bitcoin Core developer Luke Dashjr as a source of information. Dashjr revealed that inscriptions exploit a Bitcoin Core vulnerability to spam the network. “I think it's like receiving junk mail that you have to check every day to find what you're looking for. It slows down the process,” one user wrote in the thread.
