Critical Cybersecurity Risk: WordPress Crypto Widget Plugin Raises Alarm The Cyber Security Agency of Singapore (CSA) has issued a warning, flagging a
critical cybersecurity risk associated with a popular crypto widget plugin for WordPress.
Named "The Cryptocurrency Widgets – Price Ticker & Coins List," this plugin has caught the attention of security experts due to its potential vulnerability to
SQL Injection attacks.
With a base score
of 9.8/10, this plugin falls into the highest-risk category, highlighting the urgent need for users to take action.
The flaw lies in versions
2.0 to 2.6.5, where an oversight in handling user input allows attackers to manipulate structured language queries and gain unauthorized access to sensitive data.
The vendor behind this plugin, identified
as "narinder-singh," must address these concerns promptly to safeguard users' information.