Odaily News Singapore’s Cyber ​​Security Agency (CSA) highlighted that the cryptocurrency widget plug-in “Cryptocurrency Widgets – Price Ticker Coins List” of the web development platform WordPress contains a serious vulnerability that can be used to extract sensitive information. According to the security company CVE Program, the plug-in is provided by a vendor named narinder-singh and versions 2.0 to 2.6.5 were found to carry the vulnerability. The vulnerability described above allows an unauthenticated attacker to append additional SQL queries to an existing query, thereby extracting sensitive information from the database. The security bulletin issued by the Singapore Cyber ​​Emergency Response Team (SingCERT) rated the plug-in vulnerability 9.8/10, which is a severe level. (Cointelegraph)