{"id":2709,"date":"2024-01-24T17:17:57","date_gmt":"2024-01-24T17:17:57","guid":{"rendered":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/"},"modified":"2024-01-24T17:17:57","modified_gmt":"2024-01-24T17:17:57","slug":"advanced-schedule-posts-2-1-8-reflected-cross-site-scripting","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/","title":{"rendered":"Advanced Schedule Posts <= 2.1.8 – Reflected Cross-Site Scripting"},"content":{"rendered":"
This security advisory discloses a vulnerability in the Advanced Schedule Posts plugin for WordPress that allows malicious scripts to be executed through Reflected Cross-Site Scripting. The vulnerability, identified as CVE-2024-0249, is caused by a lack of input sanitization and a lack of output escaping in the plugin.<\/div>\n

<\/p>\n

The Advanced Schedule Posts plugin provides advanced scheduling of posts in WordPress. However, versions 2.1.8 and earlier contain a vulnerability that unauthenticated attackers can exploit to inject malicious web scripts into pages, which execute when a user performs a certain action, such as clicking a link.<\/p>\n

To remediate this issue, users are advised to update the plugin to the latest available version, which has already patched the vulnerability. It is also important to warn users not to interact with suspicious links or links of unknown origin.<\/p>\n

As an additional measure, website administrators can deploy further security solutions, such as web application firewalls (WAF), which can proactively detect and block Cross-Site Scripting (XSS) attacks.<\/p><\/div>\n

The Reflected Cross-Site Scripting vulnerability in the Advanced Schedule Posts plugin can endanger the security of WordPress sites that use it. To avoid this vulnerability, update to the latest version of the plugin and follow good security practices, such as not clicking on suspicious links. Security in WordPress must be a priority to protect data integrity and the user experience.<\/div>\n","protected":false},"excerpt":{"rendered":"

This security advisory discloses a vulnerability in the Advanced Schedule Posts plugin for WordPress that allows malicious scripts to be executed through Reflected Cross-Site Scripting. The vulnerability, identified as CVE-2024-0249, is caused by a lack of input sanitization and a […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[426],"class_list":["post-2709","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0249"],"yoast_head":"\nAdvanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este informe de seguridad se revela una vulnerabilidad en el plugin Advanced Schedule Posts para WordPress, la cual permite la ejecuci\u00f3n de scripts maliciosos a trav\u00e9s de la t\u00e9cnica de Reflecci\u00f3n de Cross-Site Scripting. 
Esta vulnerabilidad, identificada como CVE-2024-0249, se produce debido a una falta de sanitizaci\u00f3n en la entrada de datos y una […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-24T17:17:57+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/\",\"url\":\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/\",\"name\":\"Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-01-24T17:17:57+00:00\",\"dateModified\":\"2024-01-24T17:17:57+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advanced Schedule Posts <= 2.1.8 – Reflected Cross-Site 
Scripting\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/","og_locale":"en_US","og_type":"article","og_title":"Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting - SeguridadWordPress.es","og_description":"En este informe de seguridad se revela una vulnerabilidad en el plugin Advanced Schedule Posts para WordPress, la cual permite la ejecuci\u00f3n de scripts maliciosos a trav\u00e9s de la t\u00e9cnica de Reflecci\u00f3n de Cross-Site Scripting. Esta vulnerabilidad, identificada como CVE-2024-0249, se produce debido a una falta de sanitizaci\u00f3n en la entrada de datos y una […]","og_url":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-24T17:17:57+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/","url":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/","name":"Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-24T17:17:57+00:00","dateModified":"2024-01-24T17:17:57+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/advanced-schedule-posts-2-1-8-reflected-cross-site-scripting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Advanced Schedule Posts <= 2.1.8 – Reflected Cross-Site Scripting"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2709"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2709"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2709\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2709"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}