{"id":2691,"date":"2024-01-22T16:15:24","date_gmt":"2024-01-22T16:15:24","guid":{"rendered":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/"},"modified":"2024-01-22T16:15:24","modified_gmt":"2024-01-22T16:15:24","slug":"pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/","title":{"rendered":"PDF Generator For Fluent Forms <= 1.1.7 – Cross-Site Scripting"},"content":{"rendered":"
This article covers a Cross-Site Scripting vulnerability in the PDF Generator for Fluent Forms plugin, which is used to create contact forms in WordPress.<\/div>\n

<\/p>\n

The PDF Generator For Fluent Forms \u2013 The Contact Form Plugin plugin, in versions up to and including 1.1.7, is affected by a Stored Cross-Site Scripting vulnerability. The vulnerability is caused by insufficient input sanitization and inadequate output escaping in the header, body and footer content parameters of the generated PDF. As a result, an attacker can inject arbitrary web scripts into pages, and those scripts execute whenever a user accesses one of the affected pages. How exploitable the vulnerability is depends on the privileges an administrator has granted to the different users of the system; the required level can be as low as the contributor role, although by default it is administrator.<\/div>\n
To remediate this vulnerability, update to the latest available version of the PDF Generator For Fluent Forms plugin, which contains the fixes needed to mitigate this type of attack. It is also important to keep all software used on the website up to date and to follow good security practices, such as limiting user privileges and properly validating and sanitizing data inputs and outputs across all parts of the site.<\/div>\n","protected":false},"excerpt":{"rendered":"

This article covers a Cross-Site Scripting vulnerability in the PDF Generator for Fluent Forms plugin, which is used to create contact forms in WordPress. The PDF Generator For Fluent Forms \u2013 The Contact Form Plugin plugin, in versions up to and including 1.1.7, is affected by a Stored Cross-Site Scripting vulnerability. This vulnerability […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[408],"class_list":["post-2691","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2023-6953"],"yoast_head":"\nPDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este art\u00edculo se aborda una vulnerabilidad de tipo Cross-Site Scripting en el plugin PDF Generator for Fluent Forms, utilizado para crear formularios de contacto en WordPress. El plugin PDF Generator For Fluent Forms \u2013 The Contact Form Plugin, en sus versiones hasta la 1.1.7, presenta una vulnerabilidad de tipo Stored Cross-Site Scripting. 
Esta vulnerabilidad […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-22T16:15:24+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/\",\"url\":\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/\",\"name\":\"PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-01-22T16:15:24+00:00\",\"dateModified\":\"2024-01-22T16:15:24+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PDF Generator For Fluent Forms <= 1.1.7 – Cross-Site Scripting\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades 
WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/","og_locale":"en_US","og_type":"article","og_title":"PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting - SeguridadWordPress.es","og_description":"En este art\u00edculo se aborda una vulnerabilidad de tipo Cross-Site Scripting en el plugin PDF Generator for Fluent Forms, utilizado para crear formularios de contacto en WordPress. El plugin PDF Generator For Fluent Forms \u2013 The Contact Form Plugin, en sus versiones hasta la 1.1.7, presenta una vulnerabilidad de tipo Stored Cross-Site Scripting. Esta vulnerabilidad […]","og_url":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-22T16:15:24+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/","url":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/","name":"PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-22T16:15:24+00:00","dateModified":"2024-01-22T16:15:24+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/pdf-generator-for-fluent-forms-1-1-7-cross-site-scripting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"PDF Generator For Fluent Forms <= 1.1.7 – Cross-Site Scripting"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2691"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2691"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2691\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2691"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}