{"id":2818,"date":"2024-02-06T19:18:21","date_gmt":"2024-02-06T19:18:21","guid":{"rendered":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/"},"modified":"2024-02-06T19:18:21","modified_gmt":"2024-02-06T19:18:21","slug":"all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/","title":{"rendered":"All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 – Reflected Cross-Site Scripting"},"content":{"rendered":"
In this article we discuss a security vulnerability identified as CVE-2024-1037 in the All-In-One Security (AIOS) – Security and Firewall plugin for WordPress. The vulnerability, known as Reflected Cross-Site Scripting, allows malicious scripts to be executed via the ‘tab’ parameter.<\/div>\n

<\/p>\n

Versions 5.2.5 and earlier of the All-In-One Security (AIOS) – Security and Firewall plugin for WordPress have a flaw in input sanitization and output escaping. This means that unauthenticated attackers can inject malicious web scripts if they manage to trick a user into performing an action, such as clicking a link.<\/p>\n

This vulnerability can be exploited to steal confidential user information, redirect to malicious websites, or perform unwanted actions on the user's behalf. To remedy this problem, users are advised to update the plugin to the latest available version as soon as possible. In addition, care should be taken when clicking suspicious or unknown links.<\/p><\/div>\n

The Reflected Cross-Site Scripting vulnerability in the All-In-One Security (AIOS) – Security and Firewall plugin up to version 5.2.5 is a significant risk to the security of WordPress websites. Users should take immediate steps to protect their sites by updating the plugin and staying informed about safe online browsing practices. Following these recommendations considerably reduces the potential for exploitation of this vulnerability and keeps sites secure.<\/div>\n","protected":false},"excerpt":{"rendered":"

In this article we discuss a security vulnerability identified as CVE-2024-1037 in the All-In-One Security (AIOS) – Security and Firewall plugin for WordPress. The vulnerability, known as Reflected Cross-Site Scripting, allows malicious scripts to be executed via the ‘tab’ parameter. Versions 5.2.5 and earlier of the All-In-One Security (AIOS) – Security and Firewall plugin […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[533],"class_list":["post-2818","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1037"],"yoast_head":"\nAll-In-One Security (AIOS) - Security and Firewall <= 5.2.5 - Cross-Site Scripting Reflejado - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"All-In-One Security (AIOS) - Security and Firewall <= 5.2.5 - Cross-Site Scripting Reflejado - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este art\u00edculo discutiremos una vulnerabilidad de seguridad identificada como CVE-2024-1037 en el plugin All-In-One Security (AIOS) – Security and Firewall para WordPress. Esta vulnerabilidad permite la ejecuci\u00f3n de scripts maliciosos, conocida como Cross-Site Scripting Reflejado, a trav\u00e9s del par\u00e1metro ‘tab’. 
La versi\u00f3n 5.2.5 y anteriores del plugin All-In-One Security (AIOS) – Security and Firewall […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-06T19:18:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/\",\"url\":\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/\",\"name\":\"All-In-One Security (AIOS) - Security and Firewall <= 5.2.5 - Cross-Site Scripting Reflejado - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-06T19:18:21+00:00\",\"dateModified\":\"2024-02-06T19:18:21+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"All-In-One Security (AIOS) – Security and 
Firewall <= 5.2.5 – Cross-Site Scripting Reflejado\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"All-In-One Security (AIOS) - Security and Firewall <= 5.2.5 - Cross-Site Scripting Reflejado - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/","og_locale":"en_US","og_type":"article","og_title":"All-In-One Security (AIOS) - Security and Firewall <= 5.2.5 - Cross-Site Scripting Reflejado - SeguridadWordPress.es","og_description":"En este art\u00edculo discutiremos una vulnerabilidad de seguridad identificada como CVE-2024-1037 en el plugin All-In-One Security (AIOS) – Security and Firewall para WordPress. Esta vulnerabilidad permite la ejecuci\u00f3n de scripts maliciosos, conocida como Cross-Site Scripting Reflejado, a trav\u00e9s del par\u00e1metro ‘tab’. La versi\u00f3n 5.2.5 y anteriores del plugin All-In-One Security (AIOS) – Security and Firewall […]","og_url":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-06T19:18:21+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/","url":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/","name":"All-In-One Security (AIOS) - Security and Firewall <= 5.2.5 - Cross-Site Scripting Reflejado - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-06T19:18:21+00:00","dateModified":"2024-02-06T19:18:21+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/all-in-one-security-aios-security-and-firewall-5-2-5-cross-site-scripting-reflejado\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 – Cross-Site Scripting Reflejado"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2818"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2818"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2818\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2818"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}