Priya PatelTLDR:
A crypto widget plugin for WordPress has been flagged as a “critical” cybersecurity risk by the Cyber Security Agency of Singapore. The plugin, known as “The Cryptocurrency Widgets – Price Ticker & Coins List,” was found to have vulnerabilities that could be used to extract sensitive information through SQL injection. The plugin obtained a base score of 9.8 out of 10, indicating the severity of the risk. This highlights the increasing presence of cybersecurity risks in the crypto industry, with recent vulnerabilities found in Bitcoin ATMs.
Key Points:
- A crypto widget plugin for WordPress has been flagged as a “critical” cybersecurity risk by the Cyber Security Agency of Singapore.
- The plugin, known as “The Cryptocurrency Widgets – Price Ticker & Coins List,” has vulnerabilities that could be exploited through SQL injection.
- The vulnerability allows unauthenticated attackers to extract sensitive information from the database.
- This highlights the increasing presence of cybersecurity risks in the crypto industry, with recent vulnerabilities found in Bitcoin ATMs.
A plugin for the popular web content management system WordPress has been identified as a “critical cybersecurity risk” by the Cyber Security Agency of Singapore (CSA). The plugin, called “The Cryptocurrency Widgets – Price Ticker & Coins List,” has vulnerabilities that could potentially be exploited to extract sensitive information. These vulnerabilities were identified as SQL injection through the ‘coinslist’ parameter in versions 2.0 to 2.6.5 of the plugin. The National Vulnerability Database (NVD), a U.S. government repository for vulnerability management data, confirmed the vulnerabilities in the plugin. The CSA’s security bulletin highlighted the severity of the risk, assigning a base score of 9.8 out of a maximum of 10, categorizing it as a “critical” cybersecurity risk. This rating indicates the seriousness of the vulnerabilities and the potential impact they could have on security.
This discovery highlights the growing presence of cybersecurity risks in the cryptocurrency industry. Just two weeks prior, Bitcoin ATM manufacturer Lamassu Industries addressed a vulnerability that could have given hackers “full control” over its Bitcoin ATMs. The vulnerabilities were discovered by ethical hackers from security firm IOActive when they attempted to compromise Lamassu’s Bitcoin ATMs. They were able to gain full control over the ATMs, allowing them to empty all funds and manipulate the note reader to display incorrect deposit amounts. These recent incidents demonstrate the need for increased cybersecurity measures within the cryptocurrency industry to protect against potential attacks.
As the cryptocurrency industry continues to evolve and gain mainstream adoption, it is crucial to prioritize cybersecurity to safeguard users’ sensitive information and prevent potential exploits. Developers and users of cryptocurrency-related software should regularly update their systems to address known vulnerabilities and implement best practices for secure coding and deployment. Additionally, continuous monitoring and penetration testing can help identify and address new vulnerabilities as they arise. It is essential for the cryptocurrency industry as a whole to prioritize cybersecurity as an integral part of its operations to build trust and ensure the safe and secure use of digital assets.
