Cryptocurrency enthusiasts and website owners using WordPress beware: a popular crypto widget plugin harbors a critical vulnerability, potentially exposing sensitive data to attackers. Meanwhile, Singapore authorities sound the alarm on a rise in “crypto drainers” targeting investors’ wallets.
The Cybersecurity Agency of Singapore (CSA) issued a stark warning about the “Cryptocurrency Widgets – Price Ticker & Coins List” plugin, versions 2.0 to 2.6.5. These versions contain a SQL injection flaw, allowing hackers to inject malicious code and steal information from the website’s database. This vulnerability stems from inadequate security measures in the plugin, making websites using it sitting ducks for cyberattacks.
Flaw In The Code, Fortunes At Risk
The plugin, with over 10,000 downloads, displays cryptocurrency prices and coin lists. However, due to the vulnerability, unauthenticated attackers can exploit it without needing login credentials. This opens the door to
We współpracy z: https://bitcoinist.com/is-your-cryptocurrency-safe-check-your-wordpress-after-data-leak-warning/
