{"id":2686,"date":"2024-01-19T18:16:27","date_gmt":"2024-01-19T18:16:27","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/"},"modified":"2024-01-19T18:16:27","modified_gmt":"2024-01-19T18:16:27","slug":"vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/","title":{"rendered":"Directory Traversal Vulnerability in the Photo Gallery by 10Web Plugin for WordPress"},"content":{"rendered":"
In this article, we discuss a Directory Traversal vulnerability in the Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress. This vulnerability can allow authenticated attackers to rename arbitrary files on the server, which could lead to a compromise of the site.<\/div>\n

<\/p>\n

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, version 1.8.19 via the rename_item function. This allows authenticated attackers to rename arbitrary files on the server. If a site's wp-config.php file can be renamed, this can lead to a site takeover. By default, this vulnerability can only be exploited by administrators. However, in the premium version of the plugin, administrators can grant gallery management permissions to lower-level users, which could make this vulnerability exploitable even by users with lower roles, such as contributors.<\/div>\n
To protect against this vulnerability, updating the Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin to the latest available version is recommended. In addition, care should be taken when granting gallery management permissions to lower-level users in the premium version of the plugin. Keeping all WordPress plugins and themes up to date and backing up the site regularly are also good practices for ensuring the site's security.<\/div>\n","protected":false},"excerpt":{"rendered":"

In this article, we discuss a Directory Traversal vulnerability in the Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress. This vulnerability can allow authenticated attackers to rename arbitrary files on the server, which could lead to a compromise of the site. The plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[404],"class_list":["post-2686","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0221"],"yoast_head":"\nVulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este art\u00edculo, discutiremos una vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery para WordPress. Esta vulnerabilidad puede permitir a atacantes autenticados renombrar archivos arbitrarios en el servidor, lo que podr\u00eda llevar a un compromiso del sitio. 
El complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-19T18:16:27+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/\",\"name\":\"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-01-19T18:16:27+00:00\",\"dateModified\":\"2024-01-19T18:16:27+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress - SeguridadWordPress.es","og_description":"En este art\u00edculo, discutiremos una vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery para WordPress. Esta vulnerabilidad puede permitir a atacantes autenticados renombrar archivos arbitrarios en el servidor, lo que podr\u00eda llevar a un compromiso del sitio. El complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-19T18:16:27+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/","name":"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-19T18:16:27+00:00","dateModified":"2024-01-19T18:16:27+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-traversal-de-directorios-en-el-complemento-photo-gallery-by-10web-para-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Traversal de Directorios en el complemento Photo Gallery by 10Web para WordPress"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2686"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2686"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2686\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2686"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}