Singapore’s cyber security regulators caution that websites employing WordPress crypto widgets, especially price ticker and coins list plugins, can have sensitive visitor information extracted from them.
This underscores the growing sophistication of hackers in their efforts to steal cryptocurrency.
WordPress Crypto Widgets At Risk
The Cyber Security Agency of Singapore (CSA) explained that hackers use SQL Injection to exploit WordPress crypto widgets’ price ticker plugins. This technique targets data-driven applications, posing a serious security risk.
“Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the ‘coinslist’ parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.”
From there, it was explained that users are at risk of having their sensitive information extracted by the hackers, which puts data such as passwords, and even crypto wallets, at risk.
“This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.”
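The flaw class the advisory describes, next to its fix, as an added example that is not the plugin's code: it uses Python and SQLite as a stand-in for WordPress and MySQL. The table, the function names and the assumption that the parameter is a comma-separated list fed to an `IN (...)` clause are all hypothetical.

```python
import re
import sqlite3

# Constructed data; table and column names are hypothetical, not the plugin's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE coins (symbol TEXT, price REAL);
        INSERT INTO coins VALUES ('btc', 43000.0), ('eth', 2300.0), ('sol', 95.0);
    """)
    return db

def coins_vulnerable(db, coinslist):
    # Weak pattern: each element is wrapped in quotes and spliced into the SQL text,
    # so a quote character in the input ends the literal and the rest becomes SQL.
    quoted = ",".join("'%s'" % c for c in coinslist.split(","))
    sql = "SELECT symbol, price FROM coins WHERE symbol IN (%s) ORDER BY symbol" % quoted
    return db.execute(sql).fetchall()

SYMBOL_RE = re.compile(r"[a-z0-9-]{1,32}")  # assumed shape of a coin identifier

def coins_hardened(db, coinslist, strict=True):
    symbols = [c.strip().lower() for c in coinslist.split(",")]
    # Allowlist check: reject anything that is not a plain identifier.
    if strict and not all(SYMBOL_RE.fullmatch(s) for s in symbols):
        raise ValueError("coinslist contains an invalid symbol")
    # One bound placeholder per element: the SQL text depends only on the
    # element count, never on the element contents.
    marks = ",".join("?" for _ in symbols)
    sql = "SELECT symbol, price FROM coins WHERE symbol IN (%s) ORDER BY symbol" % marks
    return db.execute(sql, symbols).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "x') OR ('1'='1"  # constructed input that closes the quoted literal
    print(coins_vulnerable(db, "btc,eth"))             # the two requested rows
    print(coins_vulnerable(db, hostile))               # every row: the WHERE clause was rewritten
    print(coins_hardened(db, hostile, strict=False))   # no rows: input stayed a plain value
```

In WordPress itself the same binding is done with `$wpdb->prepare()`, passing one `%s` placeholder per list element.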
In recent times, hacking has grown increasingly sophisticated, fueled by the burgeoning amounts of money in the crypto industry.
Sophisticated Hacking Trends on the Rise in Recent Times
In December 2023, BeInCrypto reported hackers conducting phishing campaigns on Google and social media, resulting in the theft of millions in crypto from victims.
“A ‘Wallet Drainer’ has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months.”
Howev
Author: Ciaran Lyons