Cyber security agency warns this WordPress widget might leak data

A WordPress crypto widget used by thousands could contain a security vulnerability that could leak data to potential attackers.

Cyber Security Agency (CSA) Singapore has released a security bulletin detailing a critical vulnerability in ‘Cryptocurrency Widgets – Price Ticker & Coins List’ that could expose user data. The warning applies to versions 2.0 to 2.6.5 and, according to the CSA, centers on “insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query”.

Essentially, this means the widget places user input into a database query without properly escaping it or preparing the query first, going against standard security best practices. The CSA warns that this could potentially allow unauthorized users to append extra SQL queries to the existing one, with the risk of extracting sensitive information from a website’s database.
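The pattern the bulletin describes, sketched for a WordPress plugin as an added example; it is not code from the Cryptocurrency Widgets plugin or from the CSA bulletin. The `demo_coins` table, the `$coin_id` value and both function names are hypothetical, and the code assumes it is loaded inside WordPress, where `$wpdb->prepare()` is the built-in query-preparation API.

```php
<?php
// Added illustration: loaded inside WordPress (for example from a plugin file).
// The demo_coins table and both function names are hypothetical.
// $coin_id stands for any user-supplied value that reaches the query.

// Pattern the bulletin warns about: the value is concatenated into the SQL
// text with no escaping and no preparation, so the database cannot tell
// where the intended query ends and the supplied text begins.
function demo_get_coin_unprepared( $coin_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_coins';
    return $wpdb->get_results(
        "SELECT name, price FROM {$table} WHERE coin_id = '" . $coin_id . "'"
    );
}

// Hardened form: validate the value against the expected shape, then bind it
// through $wpdb->prepare() so it is escaped and quoted as one string value.
function demo_get_coin_prepared( $coin_id ) {
    global $wpdb;
    $coin_id = sanitize_text_field( (string) $coin_id );

    // Allow-list: lowercase slug of at most 64 characters (assumed format).
    if ( ! preg_match( '/^[a-z0-9-]{1,64}$/', $coin_id ) ) {
        return array();
    }

    // The table name comes from configuration, never from user input.
    $table = $wpdb->prefix . 'demo_coins';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT name, price FROM {$table} WHERE coin_id = %s",
            $coin_id
        )
    );
}
```

When auditing a plugin, any `$wpdb` query built by string concatenation or variable interpolation of request data, rather than passed through `$wpdb->prepare()` with placeholders, deserves the same scrutiny.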

Considering the widget is centered around cryptocurrency, this could leave users’ wallets, finances, or other personal information vulnerable to attack. The plug-in itself has over 10,000 downloads, with no word yet on how many people could be affected.

This wouldn’t be the first time that hackers have used such security vulnerabilities to extract everything from partial payouts to smart contracts. Dangerous scripts can often go unnoticed for some time, leaving agencies like CSA Singapore to warn of potential vulnerabilities like this one.

What is ‘Cryptocurrency Widgets’?

Cryptocurrency Widgets is used to display coin price lists, tables, multi-currency tabs, and price labels on websites, lending itself well to crypto trading websites that offer overviews of the market. It updates regularly 24 hours a day to provide continual coverage for Bitcoin, Ethereum, and other popular cryptocurrencies.

At the time of writing, CoolPlugins (the creator of the widget) has not publicly commented on the issue. An update to version 2.6.6 is currently available, which should be protected against the security vulnerability.

Rachael Davies
Tech Journalist
