{"id":2896,"date":"2024-02-14T17:45:35","date_gmt":"2024-02-14T17:45:35","guid":{"rendered":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/"},"modified":"2024-02-14T17:45:35","modified_gmt":"2024-02-14T17:45:35","slug":"multi-step-form-1-7-17-cross-site-request-forgery","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/","title":{"rendered":"Multi Step Form <= 1.7.17 – Cross-Site Request Forgery"},"content":{"rendered":"
Descripci\u00f3n corta: Cross-Site Request Forgery (CSRF). La vulnerabilidad de Cross-Site Request Forgery (CSRF) afecta al plugin Multi Step Form para WordPress en todas las versiones anteriores o igual a 1.7.17.<\/div>\n

<\/p>\n

La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Multi Step Form para WordPress pone en riesgo la seguridad de los sitios web que lo utilizan. Esta vulnerabilidad se debe a la falta o incorrecta validaci\u00f3n de nonce en una funci\u00f3n desconocida. Esto permite que atacantes no autenticados realicen una acci\u00f3n desconocida siempre y cuando puedan enga\u00f1ar a un administrador del sitio para realizar una acci\u00f3n, como hacer clic en un enlace. El impacto de esta vulnerabilidad es desconocido.<\/p>\n

Para subsanar este problema, se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n del plugin Multi Step Form tan pronto como est\u00e9 disponible. Adem\u00e1s, es importante seguir buenas pr\u00e1cticas de seguridad, como mantener el software de WordPress y los plugins actualizados regularmente, utilizar contrase\u00f1as fuertes y \u00fanicas, y tener en cuenta la seguridad enlaces y accesos externos al administrar el sitio web.<\/p><\/div>\n

La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Multi Step Form para WordPress puede ser explotada por atacantes no autenticados para realizar acciones desconocidas en el sitio web. Para protegerse, los usuarios deben actualizar el plugin a la \u00faltima versi\u00f3n y seguir buenas pr\u00e1cticas de seguridad. Mantener el software actualizado y utilizar contrase\u00f1as seguras son medidas fundamentales para proteger la integridad de los sitios web en WordPress.<\/div>\n","protected":false},"excerpt":{"rendered":"

Descripci\u00f3n corta: Cross-Site Request Forgery (CSRF). La vulnerabilidad de Cross-Site Request Forgery (CSRF) afecta al plugin Multi Step Form para WordPress en todas las versiones anteriores o igual a 1.7.17. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Multi Step Form para WordPress pone en riesgo la seguridad de los sitios web que […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[609],"class_list":["post-2896","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-25905"],"yoast_head":"\nMulti Step Form <= 1.7.17 - Cross-Site Request Forgery - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Multi Step Form <= 1.7.17 - Cross-Site Request Forgery - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"Descripci\u00f3n corta: Cross-Site Request Forgery (CSRF). La vulnerabilidad de Cross-Site Request Forgery (CSRF) afecta al plugin Multi Step Form para WordPress en todas las versiones anteriores o igual a 1.7.17. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Multi Step Form para WordPress pone en riesgo la seguridad de los sitios web que […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-14T17:45:35+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/\",\"url\":\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/\",\"name\":\"Multi Step Form <= 1.7.17 - Cross-Site Request Forgery - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-14T17:45:35+00:00\",\"dateModified\":\"2024-02-14T17:45:35+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Multi Step Form <= 1.7.17 – Cross-Site Request Forgery\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Multi Step Form <= 1.7.17 - Cross-Site Request Forgery - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/","og_locale":"en_US","og_type":"article","og_title":"Multi Step Form <= 1.7.17 - Cross-Site Request Forgery - SeguridadWordPress.es","og_description":"Descripci\u00f3n corta: Cross-Site Request Forgery (CSRF). La vulnerabilidad de Cross-Site Request Forgery (CSRF) afecta al plugin Multi Step Form para WordPress en todas las versiones anteriores o igual a 1.7.17. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Multi Step Form para WordPress pone en riesgo la seguridad de los sitios web que […]","og_url":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-14T17:45:35+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/","url":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/","name":"Multi Step Form <= 1.7.17 - Cross-Site Request Forgery - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-14T17:45:35+00:00","dateModified":"2024-02-14T17:45:35+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/multi-step-form-1-7-17-cross-site-request-forgery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Multi Step Form <= 1.7.17 – Cross-Site Request Forgery"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2896"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2896"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2896\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2896"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}