The Cyber Security Agency of Singapore (CSA) recently discovered a security vulnerability in a cryptocurrency-related plugin used for website development on the WordPress platform. This vulnerability could potentially be exploited by malicious individuals to extract sensitive information.
According to CSA’s security advisory, Singapore’s Computer Emergency Response Team (SingCERT) has issued a warning regarding a plugin called “The Cryptocurrency Widgets – Price Ticker & Coins List,” highlighting its critical security vulnerability.
As shown in the above image, the vulnerability score for this plugin is 9.8/10, classified as “Critical,” which is the highest level in terms of vulnerability severity.
Furthermore, the National Vulnerability Database (NVD) in the United States explains that this plugin on WordPress is provided by a vendor named “narinder-singh” and is susceptible to SQL injection attacks through the “coinslist” parameter in versions 2.0 to 2.6.5.
SQL injection attacks are a type of network attack technique where attackers can manipulate the backend database by inserting malicious SQL commands into database queries, bypassing security measures to access, modify, or delete data. In simple terms, the vulnerability in this plugin allows unauthorized attackers to extract sensitive information through SQL injection attacks.
It is advised that relevant businesses or companies promptly check if their websites are using this plugin to avoid being affected.
