A crypto widget commonly used in WordPress sites might have a security flaw that could expose data to potential cyber attackers.
The Cyber Security Agency (CSA) Singapore has issued a security alert outlining a critical vulnerability in ‘Cryptocurrency Widgets – Price Ticker & Coins List’, making it prone to potential data exposure. The security advisory pertains to versions 2.0 to 2.6.5 and is attributed to “inadequate handling of user-supplied input and insufficient precautions in the existing SQL query,” as per the CSA.
In essence, this means there is a problem with how user-provided data is managed within the software or database, disregarding standard security protocols. The CSA cautions that this WordPress widget might enable unauthorized users to input additional SQL queries, putting the website’s database at risk of data extraction.
Given that the widget focuses on cryptocurrency, users’ wallets, financial details, and other personal information could be left vulnerable to potential attacks. The plugin has been downloaded over 10,000 times, and the extent of the potential impact is yet to be disclosed.
This isn’t the first instance where security vulnerabilities have been exploited by hackers to access various data, from partial transactions to smart contracts. Malicious scripts can often go undetected for a period, prompting agencies like CSA Singapore to alert about potential risks like this one.
What is ‘Cryptocurrency Widgets’?
Cryptocurrency Widgets is a tool utilized to show cryptocurrency price lists, tables, multi-currency tabs, and price tags on websites, particularly useful for crypto trading platforms providing market overviews. It updates continuously round the clock to offer real-time coverage of popular cryptocurrencies like Bitcoin and Ethereum.
As at the time of publication, CoolPlugins (the developer behind the widget) has not yet publicly addressed the problem. A safeguarding update for version 2.6.6 is available to protect against this security vulnerability.
Featured image: Pexels
