Singapore's CSA Flags Crypto Plugin on WordPress as a Cybersecurity Threat
Summary:
The Cyber Security Agency (CSA) of Singapore has warned that a cryptocurrency widget plugin for WordPress, 'The Cryptocurrency Widgets – Price Ticker & Coins List,' contains a critical flaw. This vulnerability, identified by the Singapore Cyber Emergency Response Team (SingCERT), could be exploited to extract sensitive information. The plugin was supplied by a vendor named 'narinder-singh,' with versions 2.0 to 2.6.5 identified as vulnerable. This report follows a previous alert in December, when the National Vulnerability Database flagged Bitcoin's inscriptions as a cybersecurity risk.
A flaw has been discovered in a cryptocurrency widget used on WordPress, a popular web development platform, according to the Cyber Security Agency of Singapore (CSA). Their Cyber Emergency Response Team, SingCERT, issued a warning following the discovery. The widget goes by the name of 'The Cryptocurrency Widgets – Price Ticker & Coins List.' A critical vulnerability in this plugin could enable the extraction of confidential data.
SingCERT's report states that this vulnerability was given a 9.8/10 severity rating, placing it in the 'critical' category. According to the National Vulnerability Database (NVD), the U.S. government's official record of vulnerability management data, this WordPress cryptocurrency plugin could be exploited through SQL Injection. The vulnerability specific to versions 2.0 to 2.6.5 of the plugin arises from poor handling of user-supplied parameters.
The flaw enables unauthenticated attackers to manipulate SQL queries, potentially accessing deep-reaching data from the system. Reports by CVE, a cybersecurity organisation, point to a vendor by the name of ‘narinder-singh’ as the provider of affected versions of the widget.
Towards the end of last year, the NVD had highlighted Bitcoin's inscriptions as a cybersecurity risk. According to their records, a particular data carrier limit could be bypassed in certain versions of Bitcoin Core and Bitcoin Knots, thus posing a security threat. Inscriptions reportedly exploited this vulnerability multiple times over 2022 and 2023.
Bitcoin Core developer Luke Dashjr drew attention to the same issue, suggesting that these inscriptions were leveraging a vulnerability in Bitcoin Core to spam the network. He likened the effect to sifting through heaps of junk mail daily, significantly slowing down the process for the user.
Published At
2/8/2024 9:32:00 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.