TLDR:
A critical security flaw has been identified in a popular WordPress plugin called “The Cryptocurrency Widgets – Price Ticker & Coins List.” The Cyber Security Agency of Singapore (CSA) has rated the vulnerability as a near-perfect 9.8 out of 10. The flaw is related to SQL Injection through the plugin’s ‘coinslist’ parameter, which could allow hackers to extract sensitive data or manipulate database queries without authorization.
According to the CVE Program, the vulnerability exists in versions 2.0 to 2.6.5 of the plugin. Cybersecurity experts have noted the issue of inadequate data handling by the plugin’s developer, Narinder-Singh. This incident highlights the broader security challenges faced by the cryptocurrency industry. Just weeks ago, Bitcoin ATM manufacturer Lamassu Industries patched a critical vulnerability that risked giving attackers control over its machines.
The incident underscores the importance of robust cybersecurity measures to protect users and their assets in the growing cryptocurrency industry.
(400 words)