Cyber security agency warns this WordPress widget might leak data
Briefly

The Cryptocurrency Widgets WordPress plugin has been found to have a critical security vulnerability that could potentially expose user data, according to the Cyber Security Agency (CSA) Singapore. The vulnerability, which affects versions 2.0 to 2.6.5 of the plugin, is due to insufficient escaping on user-supplied input and lack of preparation on SQL queries. This could allow unauthorized users to add extra SQL queries and potentially extract sensitive information from a website's database.
The security warning applies to versions 2.0 to 2.6.5 and, according to the CSA, centers around "insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query".
As the plugin is used for displaying cryptocurrency price lists and tables on websites, users' wallets, finances, and personal information could be at risk. The plugin has over 10,000 downloads, but the number of users affected is unknown. This security vulnerability highlights the importance of regularly updating software to protect against potential attacks.
Considering the widget is centered around cryptocurrency, this could leave users' wallets, finances, or other personal information vulnerable to attack.
Read at ReadWrite
[
add
]
[
|
|
]
more Privacy professionals Briefly
[ Load more ]