{"id":2718,"date":"2024-01-24T20:16:34","date_gmt":"2024-01-24T20:16:34","guid":{"rendered":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/"},"modified":"2024-01-24T20:16:34","modified_gmt":"2024-01-24T20:16:34","slug":"views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/","title":{"rendered":"Views for WPForms <= 3.2.2 – Cross-Site Request Forgery via create_view"},"content":{"rendered":"
This article covers an improper access vulnerability in the WordPress plugin ‘Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend’ in all versions up to and including 3.2.2, tracked as CVE-2024-0374. The vulnerability allows unauthenticated attackers to create views through a forged request if they can trick a site administrator into performing an action, such as clicking a link.<\/div>\n

<\/p>\n

The vulnerability lies in the ‘create_view’ function of the Views for WPForms plugin. This function has missing or incorrect nonce validation, which makes Cross-Site Request Forgery (CSRF) attacks possible. Attackers can use this to create views on the affected website.<\/p>\n

To remediate this issue, users are advised to update the plugin to the latest available version. It is also essential to keep all plugins and themes up to date and to consider the following additional security measures:<\/p>\n

1. Avoid clicking on suspicious links or links from untrusted sources.
\n2. Implement appropriate access policies for the site's users, ensuring that only administrators have privileges to perform critical actions.
\n3. Use security plugins that can help detect and prevent CSRF attacks and other common types of vulnerabilities.
\n4. Regularly monitor security updates for the plugins in use and apply them immediately.
\n5. Take periodic backups of the website and store them securely off the server.<\/p><\/div>\n

The Cross-Site Request Forgery vulnerability in the Views for WPForms plugin is a significant risk to the security of WordPress websites. Users should take the necessary steps to update their plugins, implement good security practices and stay alert to possible threats. Keeping software up to date and following security best practices can help mitigate the risks and ensure the integrity of websites.<\/div>\n","protected":false},"excerpt":{"rendered":"

This article covers an improper access vulnerability in the WordPress plugin ‘Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend’ in all versions up to and including 3.2.2, tracked as CVE-2024-0374. The vulnerability allows unauthenticated attackers to create views through a forged request […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[435],"class_list":["post-2718","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0374"],
"yoast_head_json":{"title":"Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/","og_locale":"en_US","og_type":"article","og_title":"Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view - SeguridadWordPress.es","og_description":"This article covers an improper access vulnerability in the WordPress plugin ‘Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend’ in all versions up to and including 3.2.2, tracked as CVE-2024-0374. The vulnerability allows unauthenticated attackers to create views through a forged request […]","og_url":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-24T20:16:34+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},
"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/","url":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/","name":"Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-24T20:16:34+00:00","dateModified":"2024-01-24T20:16:34+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/views-for-wpforms-3-2-2-cross-site-request-forgery-a-traves-de-create_view\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Views for WPForms <= 3.2.2 – Cross-Site Request Forgery via create_view"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},
"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2718"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2718"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2718\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2718"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}