{"id":2879,"date":"2024-02-12T19:47:18","date_gmt":"2024-02-12T19:47:18","guid":{"rendered":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/"},"modified":"2024-02-12T19:47:18","modified_gmt":"2024-02-12T19:47:18","slug":"honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/","title":{"rendered":"Honeypot for WP Comment <= 2.2.3 – Reflected Cross-Site Scripting via page"},"content":{"rendered":"
According to this security report, the Honeypot for WP Comment plugin for WordPress is vulnerable to a type of attack known as Reflected Cross-Site Scripting. The vulnerability can be exploited through the ‘page’ parameter in versions prior to 2.2.3, which allows unauthenticated attackers to inject malicious scripts into pages and have them executed if they successfully trick a user into performing an action, such as clicking a link.<\/div>\n

<\/p>\n

The underlying problem in the Honeypot for WP Comment plugin is the lack of input sanitization and proper output escaping. This means that user-supplied data is not filtered correctly and is displayed directly in the site's pages. Attackers can take advantage of this to insert malicious HTML or JavaScript code, allowing them to steal confidential user information, redirect to malicious websites, or perform unauthorized actions on the user's behalf.<\/div>\n
The Reflected Cross-Site Scripting vulnerability in the Honeypot for WP Comment plugin can put the security of a website built with WordPress at risk. However, by taking preventive measures and keeping up to date with the latest versions of the plugin, users can significantly reduce the risk of falling victim to this type of attack. Website security is everyone's responsibility, and it is essential to stay informed and take proactive measures to protect our online assets.<\/div>\n","protected":false},"excerpt":{"rendered":"

According to this security report, the Honeypot for WP Comment plugin for WordPress is vulnerable to a type of attack known as Reflected Cross-Site Scripting. The vulnerability can be exploited through the ‘page’ parameter in versions prior to 2.2.3, which allows unauthenticated attackers to inject malicious scripts […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[592],"class_list":["post-2879","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-24933"],"yoast_head":"\nHoneypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"According to this security report, the Honeypot for WP Comment plugin for WordPress is vulnerable to a type of attack known as Reflected Cross-Site Scripting. 
The vulnerability can be exploited through the ‘page’ parameter in versions prior to 2.2.3, which allows unauthenticated attackers to inject malicious scripts […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-12T19:47:18+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/\",\"url\":\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/\",\"name\":\"Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-12T19:47:18+00:00\",\"dateModified\":\"2024-02-12T19:47:18+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Honeypot for WP Comment <= 2.2.3 – Reflected Cross-Site Scripting via page\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Collection of WordPress vulnerabilities.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/","og_locale":"en_US","og_type":"article","og_title":"Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page - SeguridadWordPress.es","og_description":"According to this security report, the Honeypot for WP Comment plugin for WordPress is vulnerable to a type of attack known as Reflected Cross-Site Scripting. The vulnerability can be exploited through the ‘page’ parameter in versions prior to 2.2.3, which allows unauthenticated attackers to inject malicious scripts […]","og_url":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-12T19:47:18+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/","url":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/","name":"Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-12T19:47:18+00:00","dateModified":"2024-02-12T19:47:18+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/honeypot-for-wp-comment-2-2-3-cross-site-scripting-reflejado-a-traves-de-la-pagina\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Honeypot for WP Comment <= 2.2.3 – Reflected Cross-Site Scripting via page"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Collection of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2879"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2879"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2879\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2879"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}