{"id":2688,"date":"2024-01-19T20:15:22","date_gmt":"2024-01-19T20:15:22","guid":{"rendered":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/"},"modified":"2024-01-19T20:15:22","modified_gmt":"2024-01-19T20:15:22","slug":"wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/","title":{"rendered":"WPForms Pro <= 1.8.5.3 – Unauthenticated Stored Cross-Site Scripting via Form Submission"},"content":{"rendered":"
In this article, we analyze a security vulnerability in the WPForms Pro plugin for WordPress that allows unauthenticated stored Cross-Site Scripting via form submission.<\/div>\n

<\/p>\n

The WPForms Pro plugin for WordPress is vulnerable to stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3, due to insufficient input sanitization and missing output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page. To mitigate this vulnerability, users are advised to update to the latest version of the WPForms Pro plugin, which fixes this security issue. In addition, deploying a WAF (Web Application Firewall) is suggested to filter and block potential cross-site scripting attacks.<\/div>\n
It is crucial to keep WordPress and its plugins up to date to protect against known vulnerabilities. In the case of WPForms Pro <= 1.8.5.3, it is especially important to update to the latest version and to take additional measures to secure the application, such as deploying a WAF. By taking these precautions, users can mitigate the risk of stored Cross-Site Scripting attacks on their website.<\/div>\n","protected":false},"excerpt":{"rendered":"

En este art\u00edculo, analizaremos una vulnerabilidad de seguridad en el plugin WPForms Pro para WordPress, que permite la ejecuci\u00f3n de scripts de sitios cruzados almacenados sin autenticaci\u00f3n mediante el env\u00edo de formularios. El plugin WPForms Pro para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de par\u00e1metros de env\u00edo de formularios en todas las […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[406],"class_list":["post-2688","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2023-7063"],"yoast_head":"\nWPForms Pro <= 1.8.5.3 - Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WPForms Pro <= 1.8.5.3 - Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este art\u00edculo, analizaremos una vulnerabilidad de seguridad en el plugin WPForms Pro para WordPress, que permite la ejecuci\u00f3n de scripts de sitios cruzados almacenados sin autenticaci\u00f3n mediante el env\u00edo de formularios. 
El plugin WPForms Pro para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de par\u00e1metros de env\u00edo de formularios en todas las […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-19T20:15:22+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/\",\"url\":\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/\",\"name\":\"WPForms Pro <= 1.8.5.3 - Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-01-19T20:15:22+00:00\",\"dateModified\":\"2024-01-19T20:15:22+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WPForms Pro <= 1.8.5.3 – Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"WPForms Pro <= 1.8.5.3 - Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/","og_locale":"en_US","og_type":"article","og_title":"WPForms Pro <= 1.8.5.3 - Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios - SeguridadWordPress.es","og_description":"En este art\u00edculo, analizaremos una vulnerabilidad de seguridad en el plugin WPForms Pro para WordPress, que permite la ejecuci\u00f3n de scripts de sitios cruzados almacenados sin autenticaci\u00f3n mediante el env\u00edo de formularios. El plugin WPForms Pro para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de par\u00e1metros de env\u00edo de formularios en todas las […]","og_url":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-19T20:15:22+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/","url":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/","name":"WPForms Pro <= 1.8.5.3 - Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-19T20:15:22+00:00","dateModified":"2024-01-19T20:15:22+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/wpforms-pro-1-8-5-3-cross-site-scripting-almacenado-sin-autenticacion-a-traves-del-envio-de-formularios\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"WPForms Pro <= 1.8.5.3 – Cross-Site Scripting almacenado sin autenticaci\u00f3n a trav\u00e9s del env\u00edo de formularios"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2688"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2688"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2688\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2688"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}