{"id":2814,"date":"2024-02-06T17:16:57","date_gmt":"2024-02-06T17:16:57","guid":{"rendered":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/"},"modified":"2024-02-06T17:16:57","modified_gmt":"2024-02-06T17:16:57","slug":"calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/","title":{"rendered":"CalculatorPro Calculators <= 1.1.7 – Reflected Cross-Site Scripting Vulnerability via CP_preview_calc"},"content":{"rendered":"
The CalculatorPro Calculators plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in the ‘CP_preview_calc’ function in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that execute if they can successfully trick a user into performing an action such as clicking on a link.<\/div>\n

<\/p>\n

Reflected Cross-Site Scripting (XSS) consists of inserting malicious JavaScript code into web pages viewed by other users. In this case, the CalculatorPro Calculators plugin does not adequately sanitize the data received through the parameters of the ‘CP_preview_calc’ function, which allows an attacker to inject JavaScript code into the generated page so that it runs in the browser of the users who access it.<\/p>\n

To remediate this issue, users of the CalculatorPro Calculators plugin should update to the latest available version (1.1.8), which fixes this vulnerability. It is also recommended to review the security of the other plugins and themes installed in WordPress, keep the system up to date, and use additional protective measures such as firewalls and security plugins.<\/p><\/div>\n

The Reflected Cross-Site Scripting vulnerability in the CalculatorPro Calculators plugin can be exploited by unauthenticated attackers to run malicious web scripts in users' browsers. Users should update the plugin to the latest available version and take other security measures to protect their website from similar attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CalculatorPro Calculators plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in the ‘CP_preview_calc’ function in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[529],"class_list":["post-2814","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-24847"],"yoast_head":"\nCalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting Vulnerability via CP_preview_calc - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting Vulnerability via CP_preview_calc - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"The CalculatorPro Calculators plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in the ‘CP_preview_calc’ function in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. 
This allows unauthenticated attackers to inject arbitrary web scripts into pages […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-06T17:16:57+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/\",\"url\":\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/\",\"name\":\"CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting Vulnerability via CP_preview_calc - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-06T17:16:57+00:00\",\"dateModified\":\"2024-02-06T17:16:57+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CalculatorPro Calculators <= 1.1.7 – Reflected Cross-Site Scripting Vulnerability via CP_preview_calc\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Collection of WordPress vulnerabilities.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting Vulnerability via CP_preview_calc - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/","og_locale":"en_US","og_type":"article","og_title":"CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting Vulnerability via CP_preview_calc - SeguridadWordPress.es","og_description":"The CalculatorPro Calculators plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in the ‘CP_preview_calc’ function in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages […]","og_url":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-06T17:16:57+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/","url":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/","name":"CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting Vulnerability via CP_preview_calc - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-06T17:16:57+00:00","dateModified":"2024-02-06T17:16:57+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/calculatorpro-calculators-1-1-7-vulnerabilidad-de-script-cross-site-reflejado-a-traves-de-cp_preview_calc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"CalculatorPro Calculators <= 1.1.7 – Reflected Cross-Site Scripting Vulnerability via CP_preview_calc"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Collection of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2814"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2814"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2814\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2814"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}