Thursday, November 14, 2024

Singapore’s Cyber Authority warns that WordPress cryptocurrency widget may lead to data leakage

A WordPress cryptocurrency widget plugin has vulnerabilities that could expose sensitive data, Singapore’s Cybersecurity Authority has warned.

The Cyber Security Authority of Singapore (CSA) has issued an important warning regarding the WordPress widget plugin “Cryptocurrency Widget – Price Ticker and Coin List”, stating that versions 2.0 to 2.6.5 are vulnerable to SQL injection via the “coinslist” parameter.

According to CSA, the vulnerability is due to insufficient escaping of user-supplied parameters and insufficient preparation of existing SQL queries. The flaw could allow an unauthenticated attacker to inject additional SQL queries and extract sensitive information from a website’s database, the agency said.
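The class of flaw CSA describes, shown as an added example that is not the plugin's code: a list-style request parameter concatenated into a query beside the same query with bound placeholders. It uses Python's sqlite3 instead of WordPress's PHP database layer, and the table, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for a site's price table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE coins (coin_id TEXT PRIMARY KEY, price REAL);
        INSERT INTO coins VALUES
            ('bitcoin', 90000.0), ('ethereum', 3100.0), ('litecoin', 80.0);
    """)
    return conn

def split_list(raw, max_items=50):
    """Split the comma-separated request parameter into trimmed, non-empty items."""
    return [p.strip() for p in raw.split(",") if p.strip()][:max_items]

def fetch_concatenated(conn, raw):
    """Weak pattern: request text is pasted into the SQL string and parsed as SQL."""
    quoted = ",".join("'" + item + "'" for item in split_list(raw))
    sql = "SELECT coin_id FROM coins WHERE coin_id IN (" + quoted + ") ORDER BY coin_id"
    return [row[0] for row in conn.execute(sql)]

def fetch_bound(conn, raw):
    """Hardened pattern: one placeholder per item; values are bound, never parsed."""
    items = split_list(raw)
    if not items:
        return []
    marks = ",".join("?" for _ in items)
    sql = "SELECT coin_id FROM coins WHERE coin_id IN (" + marks + ") ORDER BY coin_id"
    return [row[0] for row in conn.execute(sql, items)]

# Constructed inputs: a normal list, and a value that closes the quoted string early.
NORMAL = "bitcoin, litecoin"
HOSTILE = "nosuchcoin') OR ('1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, value in (("normal", NORMAL), ("hostile", HOSTILE)):
        print(label, "concatenated:", fetch_concatenated(db, value))
        print(label, "bound:       ", fetch_bound(db, value))
```

With the concatenated query the hostile value changes the WHERE clause and every row comes back; with bound placeholders the same value is compared as a literal string and matches nothing.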

According to the WordPress website, the plugin was provided by Narinder Singh, who is said to be the co-founder of CryptocurrencyPlugins at CoolPlugins.net.

According to the WordPress Marketplace, the plugin developed by CoolPlugins.net has more than 10,000 downloads and a 5-star rating from more than 150 reviews, but the number of affected users running versions 2.0 to 2.6.5 remains unknown. Although the plugin page indicates an update to version 2.6.6, it is unclear whether the latest update resolves this vulnerability. As of this writing, Cool Plugins has not publicly commented on this issue.

In October 2023, crypto.news reported that malicious actors had begun targeting websites built with WordPress and using BNB Chain’s smart contracts to distribute malware. Cybersecurity analysts warn that by injecting code that extracts partial payloads from smart contracts, hackers can surreptitiously embed dangerous scripts, effectively using smart contracts as anonymous, free hosting platforms for malicious activity.
