{"id":2746,"date":"2024-01-30T19:15:37","date_gmt":"2024-01-30T19:15:37","guid":{"rendered":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/"},"modified":"2024-01-30T19:15:37","modified_gmt":"2024-01-30T19:15:37","slug":"wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/","title":{"rendered":"WOLF – WordPress Posts Editor and Manager <= 1.0.8.1 – Cross-Site Request Forgery"},"content":{"rendered":"
The WordPress plugin WOLF – Professional Posts Editor and Manager is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation in the wpbe_create_new_term, wpbe_update_tax_term and wpbe_delete_tax_term functions. This allows unauthenticated attackers to create, modify and delete taxonomy terms via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. In addition, the wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts and wpbe_save_meta functions are vulnerable to Cross-Site Request Forgery, which allows updating plugin options, deleting the post count, deleting posts and modifying post metadata via a forged request.<\/div>\n

<\/p>\n

One way to protect against this type of attack is to use additional security measures, such as implementing proper nonce protection in the functions mentioned above. Site administrators should check whether they are running the latest version of the WOLF plugin and update it if necessary. In addition, users may consider installing a reliable WordPress security plugin that includes protection against CSRF and other common vulnerabilities. It is always important to keep up with security updates and to follow security best practices when administering a WordPress site.<\/div>\n
The Cross-Site Request Forgery vulnerability in the WOLF – WordPress Posts Editor and Manager plugin can allow unauthenticated attackers to perform malicious actions via forged requests. It is crucial that site administrators take steps to protect their sites, such as implementing proper nonce protection and keeping the plugin updated. In addition, users should consider installing additional security tools to strengthen protection against known vulnerabilities. Security in WordPress is a fundamental aspect that must never be neglected.<\/div>\n","protected":false},"excerpt":{"rendered":"

The WordPress plugin WOLF – Professional Posts Editor and Manager is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation in the wpbe_create_new_term, wpbe_update_tax_term and wpbe_delete_tax_term functions. This allows attackers who are not […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[462],"class_list":["post-2746","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0790"],"yoast_head_json":{"title":"WOLF - WordPress Posts Editor and Manager <= 1.0.8.1 - Cross-Site Request Forgery - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/","og_locale":"en_US","og_type":"article","og_title":"WOLF - WordPress Posts Editor and Manager <= 1.0.8.1 - Cross-Site Request Forgery - SeguridadWordPress.es","og_description":"The WordPress plugin WOLF – Professional Posts Editor and Manager is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation in the wpbe_create_new_term, wpbe_update_tax_term and wpbe_delete_tax_term functions. This allows attackers who are not […]","og_url":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-01-30T19:15:37+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/","url":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/","name":"WOLF - WordPress Posts Editor and Manager <= 1.0.8.1 - Cross-Site Request Forgery - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-01-30T19:15:37+00:00","dateModified":"2024-01-30T19:15:37+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/wolf-editor-y-gestor-de-entradas-de-wordpress-1-0-8-1-cross-site-request-forgery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"WOLF – WordPress Posts Editor and Manager <= 1.0.8.1 – Cross-Site Request Forgery"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2746"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2746"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2746\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2746"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}