{"id":2701,"date":"2024-01-24T15:15:34","date_gmt":"2024-01-24T15:15:34","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/"},"modified":"2024-01-24T15:15:34","modified_gmt":"2024-01-24T15:15:34","slug":"vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/","title":{"rendered":"Stored Cross-Site Scripting vulnerability in WPFront Notification Bar <= 3.3.2"},"content":{"rendered":"
The WPFront Notification Bar plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to and including 3.3.2, due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator privileges to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page. This only affects multisite installations and installations where ‘unfiltered_html’ has been disabled.<\/div>\n

<\/p>\n

The stored Cross-Site Scripting vulnerability in the WPFront Notification Bar plugin allows authenticated attackers with administrator privileges to inject malicious code into web pages. This means attackers can run arbitrary scripts in the context of the affected user, which could lead to various malicious actions, such as session theft, redirection to malicious sites, or even the capture of user credentials. <\/p>\n

To fix this problem, users should update the plugin to the latest available version, where the vulnerability has been fixed. In addition, following good security practices is recommended, such as keeping software regularly updated, using strong passwords, and avoiding untrusted plugins or themes.<\/p><\/div>\n

The stored Cross-Site Scripting vulnerability in the WPFront Notification Bar plugin can be exploited by authenticated attackers with administrator privileges to run malicious code in web pages. It is crucial that users update the plugin to the latest version and follow good security practices to mitigate the risk of this vulnerability and protect their WordPress sites.<\/div>\n","protected":false},"excerpt":{"rendered":"

The WPFront Notification Bar plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to and including 3.3.2, due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator privileges to inject arbitrary web scripts into pages […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[418],"class_list":["post-2701","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0625"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin WPFront Notification Bar para WordPress es vulnerable a Cross-Site Scripting almacenada a trav\u00e9s del par\u00e1metro ‘wpfront-notification-bar-options[custom_class]’ en todas las versiones hasta, e incluyendo, la 3.3.2 debido a una sanitizaci\u00f3n insuficiente de la entrada y escapado de la salida. 
Esto permite a atacantes autenticados, con privilegios de administrador, inyectar scripts web arbitrarios en p\u00e1ginas […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-24T15:15:34+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-01-24T15:15:34+00:00\",\"dateModified\":\"2024-01-24T15:15:34+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site 
Scripting almacenada en WPFront Notification Bar <= 3.3.2\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2 - SeguridadWordPress.es","og_description":"El plugin WPFront Notification Bar para WordPress es vulnerable a Cross-Site Scripting almacenada a trav\u00e9s del par\u00e1metro ‘wpfront-notification-bar-options[custom_class]’ en todas las versiones hasta, e incluyendo, la 3.3.2 debido a una sanitizaci\u00f3n insuficiente de la entrada y escapado de la salida. Esto permite a atacantes autenticados, con privilegios de administrador, inyectar scripts web arbitrarios en p\u00e1ginas […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-24T15:15:34+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/","name":"Vulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-24T15:15:34+00:00","dateModified":"2024-01-24T15:15:34+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenada-en-wpfront-notification-bar-3-3-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenada en WPFront Notification Bar <= 3.3.2"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2701"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2701"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2701\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2701"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}