POST SMTP Mailer <= 2.8.6 – Reflected Cross-Site Scripting via the 'msg' parameter

SeguridadWordPress.es, published 2024-01-03. Tag: CVE-2023-6629

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute if the attacker can trick a user into performing an action such as clicking a link.

The POST SMTP Mailer plugin, widely used on WordPress sites, has a reflected Cross-Site Scripting (XSS) vulnerability in versions up to 2.8.6. The vulnerability allows an unauthenticated attacker to inject malicious JavaScript into visitors' browsers. The attack is carried out through the 'msg' parameter in the site's URLs.

The vulnerability exists because the plugin does not sanitize and escape the input data before displaying it on the web page. The data is therefore not correctly filtered, and JavaScript inserted by the attacker can run in the victim's browser.

The possible ways to mitigate this issue are the following:

1. Update to the latest version of the POST SMTP Mailer plugin. The most recent version (2.8.7) fixes this vulnerability, and all users are advised to update to it as soon as possible.
2. Deploy a web application firewall that can detect and block attempts to inject malicious code through the site's URLs.
3. Review the site's code for any reference to or use of the 'msg' parameter and make sure the data is properly sanitized and escaped before it is displayed on the page.

The reflected Cross-Site Scripting (XSS) vulnerability in the POST SMTP Mailer plugin <= 2.8.6 can allow an attacker to inject malicious JavaScript into the web pages shown to visitors. Users should update to the latest version of the plugin and follow web security best practices to protect their WordPress sites from this type of attack.