WordPress’s cryptocurrency gadget plugin has a serious vulnerability that risks leaking sensitive information
On February 8th, the Cyber Security Agency of Singapore (CSA) emphasized that the cryptocurrency widget plugin "Cryptocurrency Widgets - Price Ticker Coins List" for the web development platform WordPress contains a serious vulnerability that can be used to extract sensitive information. According to the security company CVE Program, the plugin was provided by a supplier named "narinder-singh", and versions 2.0 to 2.6.5 were found to carry this vulnerability.
The aforementioned vulnerability allows unauthorized attackers to append additional SQL queries to existing queries, thereby extracting sensitive information from the database. The security advisory issued by the Singaporean Cyber Emergency Response Team (SingCERT) rates this plugin vulnerability at 9.8/10, which is classified as "critical". (Cointelegraph)
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
DOODUSDT now launched for futures trading and trading bots
Ethereum Foundation allocates $32 million to expand education and tools in the ecosystem
Ripple Ends Dispute with SEC, Recovers $75 Million, XRP Surges 10%
Core Scientific Nets $580M in Q1 Despite Revenue Miss, Eyes AI and HPC Future
Nasdaq-listed Bitcoin miner Core Scientific Inc. has reported a net income of $580 million for the first quarter of 2025, more than double the $210 million recorded during the same period last year. However, the firm fell short of analyst expectations for revenue, signalling the growing impact of industry shifts and operational transformation.
Trending news
MoreCrypto prices
More
