{"id":2897,"date":"2024-02-14T17:45:53","date_gmt":"2024-02-14T17:45:53","guid":{"rendered":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/"},"modified":"2024-02-14T17:45:53","modified_gmt":"2024-02-14T17:45:53","slug":"tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/","title":{"rendered":"TinyMCE Professional Formats and Styles <= 1.1.2 – Cross-Site Request Forgery (CSRF) via bb_taps_backend_page"},"content":{"rendered":"
The TinyMCE Professional Formats and Styles plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation in the ‘bb_taps_backend_page’ function. This allows unauthenticated attackers to modify the plugin's settings via a forged request, provided they can trick the site administrator into performing an action, such as clicking a link.<\/div>\n

<\/p>\n

Cross-Site Request Forgery (CSRF) is a security vulnerability in which an attacker can take advantage of the trust placed in an authenticated user to perform unwanted actions on that user's behalf. In the specific case of the TinyMCE Professional Formats and Styles plugin, this vulnerability allows an unauthenticated attacker to modify the plugin's settings via a forged request.<\/p>\n

To address this problem, users are advised to take the following security measures:<\/p>\n

1. Update the plugin to the latest available version in which this vulnerability has been fixed.
\n2. Keep WordPress and all of its plugins up to date to avoid known vulnerabilities.
\n3. Do not click on suspicious links or links from untrusted sources, as these can lead to unwanted actions being performed on the site.
\n4. Implement additional security measures, such as a web application firewall (WAF) or a WordPress-specific security plugin.<\/p>\n

Taking these measures will help protect the website and prevent possible Cross-Site Request Forgery (CSRF) attacks.<\/p><\/div>\n

The Cross-Site Request Forgery (CSRF) vulnerability in the TinyMCE Professional Formats and Styles plugin can be exploited by unauthenticated attackers to modify the plugin's settings. To prevent this, users should update the plugin to the latest version, keep WordPress up to date, and follow good security practices, such as not clicking on suspicious links. Taking these precautions will protect the website and reduce the risk of possible CSRF attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The TinyMCE Professional Formats and Styles plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation in the ‘bb_taps_backend_page’ function. This allows unauthenticated attackers to modify the plugin's settings via a forged request, provided that […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[610],"class_list":["post-2897","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-25904"],"yoast_head":"\nTinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El complemento TinyMCE Professional Formats and Styles para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta, e incluyendo, 1.1.2. Esto se debe a la falta o incorrecta validaci\u00f3n de nonce en la funci\u00f3n ‘bb_taps_backend_page’. 
Esto permite que atacantes no autenticados modifiquen la configuraci\u00f3n del complemento mediante una solicitud falsificada, siempre y cuando […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-14T17:45:53+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/\",\"url\":\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/\",\"name\":\"TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-14T17:45:53+00:00\",\"dateModified\":\"2024-02-14T17:45:53+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TinyMCE Professional Formats and Styles <= 1.1.2 – Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/","og_locale":"en_US","og_type":"article","og_title":"TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page - SeguridadWordPress.es","og_description":"El complemento TinyMCE Professional Formats and Styles para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta, e incluyendo, 1.1.2. Esto se debe a la falta o incorrecta validaci\u00f3n de nonce en la funci\u00f3n ‘bb_taps_backend_page’. Esto permite que atacantes no autenticados modifiquen la configuraci\u00f3n del complemento mediante una solicitud falsificada, siempre y cuando […]","og_url":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-14T17:45:53+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/","url":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/","name":"TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-14T17:45:53+00:00","dateModified":"2024-02-14T17:45:53+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/tinymce-professional-formats-and-styles-1-1-2-cross-site-request-forgery-csrf-a-traves-de-bb_taps_backend_page\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"TinyMCE Professional Formats and Styles <= 1.1.2 – Cross-Site Request Forgery (CSRF) a trav\u00e9s de bb_taps_backend_page"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2897"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2897"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2897\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2897"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}