{"id":2899,"date":"2024-02-14T19:45:18","date_gmt":"2024-02-14T19:45:18","guid":{"rendered":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/"},"modified":"2024-02-14T19:45:18","modified_gmt":"2024-02-14T19:45:18","slug":"broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/","title":{"rendered":"Broken Link Checker <= 2.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting via Settings"},"content":{"rendered":"
This security report covers a vulnerability discovered in the Broken Link Checker plugin for WordPress. It allows authenticated attackers with administrator-level permissions or above to carry out a stored Cross-Site Scripting attack through the admin settings.<\/div>\n

<\/p>\n

The Broken Link Checker plugin for WordPress is vulnerable to stored Cross-Site Scripting through the admin settings in all versions prior to 2.2.3. The vulnerability is caused by a lack of input sanitization and output escaping. Authenticated attackers with administrator-level permissions or above can inject arbitrary web scripts into pages, and those scripts execute whenever a user accesses an injected page. Note that this only affects WordPress multisite installations and installations where unfiltered_html has been disabled.<\/div>\n
To mitigate this vulnerability, users are advised to update the Broken Link Checker plugin to the latest available version. In addition, user permissions on the WordPress site should be reviewed thoroughly to prevent unauthorized users from gaining administrator-level access or above. It is also important to keep WordPress and all installed plugins up to date to avoid known vulnerabilities.<\/div>\n","protected":false},"excerpt":{"rendered":"

This security report covers a vulnerability discovered in the Broken Link Checker plugin for WordPress. It allows authenticated attackers with administrator-level permissions or above to carry out a stored Cross-Site Scripting attack through the admin settings. The Broken Link Checker plugin for WordPress is vulnerable to a […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[612],"class_list":["post-2899","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-25592"],"yoast_head":"\nBroken Link Checker <= 2.2.3 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Broken Link Checker <= 2.2.3 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este informe de seguridad, se ha descubierto una vulnerabilidad en el plugin Broken Link Checker para WordPress. Esta vulnerabilidad permite a atacantes autenticados con permisos de administrador o superiores iniciar un ataque de Cross-Site Scripting almacenada a trav\u00e9s de la configuraci\u00f3n del administrador. 
El plugin Broken Link Checker para WordPress es vulnerable a un […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-14T19:45:18+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/\",\"url\":\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/\",\"name\":\"Broken Link Checker <= 2.2.3 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-14T19:45:18+00:00\",\"dateModified\":\"2024-02-14T19:45:18+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Broken Link Checker <= 2.2.3 – Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Broken Link Checker <= 2.2.3 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/","og_locale":"en_US","og_type":"article","og_title":"Broken Link Checker <= 2.2.3 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n - SeguridadWordPress.es","og_description":"En este informe de seguridad, se ha descubierto una vulnerabilidad en el plugin Broken Link Checker para WordPress. Esta vulnerabilidad permite a atacantes autenticados con permisos de administrador o superiores iniciar un ataque de Cross-Site Scripting almacenada a trav\u00e9s de la configuraci\u00f3n del administrador. El plugin Broken Link Checker para WordPress es vulnerable a un […]","og_url":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-14T19:45:18+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/","url":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/","name":"Broken Link Checker <= 2.2.3 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-14T19:45:18+00:00","dateModified":"2024-02-14T19:45:18+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/broken-link-checker-2-2-3-cross-site-scripting-almacenada-autenticada-administrador-a-traves-de-la-configuracion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Broken Link Checker <= 2.2.3 – Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s de la configuraci\u00f3n"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2899"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2899"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2899\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2899"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}