Description
WordPress Plugin Cryptocurrency Widgets-Price Ticker & Coins List is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Cryptocurrency Widgets-Price Ticker & Coins List version 2.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.5 or latest
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.svn.wordpress.org/cryptocurrency-price-ticker-widget/trunk/readme.txt
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2015-4604)
Java Unspesificed Vulnerability (CVE-2018-14048)
MySQL CVE-2020-2774 Vulnerability (CVE-2020-2774)
Sqlite Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-45346)
WordPress Plugin WP Statistics Cross-Site Scripting (12.0.5)