{"id":3008,"date":"2024-02-27T18:45:08","date_gmt":"2024-02-27T18:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/"},"modified":"2024-02-27T18:45:08","modified_gmt":"2024-02-27T18:45:08","slug":"seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/","title":{"rendered":"Seraphinite Accelerator <= 2.20.52 – Authenticated (Subscriber+) SSRF in OnAdminApi_HtmlCheck"},"content":{"rendered":"
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This allows authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services.<\/div>\n

<\/p>\n

Users of the Seraphinite Accelerator plugin should update it to the latest available version to protect against this vulnerability. In addition, it is recommended to limit user privileges in WordPress, granting only the permissions needed to perform assigned tasks, and to continuously monitor activity logs to detect possible malicious activity.<\/div>\n
Exploitation of this vulnerability can have serious consequences for a website's security, so it is crucial to take preventive measures such as those mentioned above to protect against possible SSRF attacks in the Seraphinite Accelerator plugin.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This allows authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application, and can be used […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[721],"class_list":["post-3008","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1568"],"yoast_head":"\nSeraphinite Accelerator <= 2.20.52 - SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Seraphinite Accelerator <= 2.20.52 - SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Seraphinite Accelerator para WordPress es vulnerable a Server-Side Request Forgery (SSRF) en todas las versiones hasta, e incluyendo, la 2.20.52 a trav\u00e9s de la funci\u00f3n OnAdminApi_HtmlCheck. 
Esto permite a atacantes autenticados, con acceso de nivel suscriptor y superior, realizar solicitudes web a ubicaciones arbitrarias originadas desde la aplicaci\u00f3n web y puede ser utilizado […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-27T18:45:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/\",\"url\":\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/\",\"name\":\"Seraphinite Accelerator <= 2.20.52 - SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-27T18:45:08+00:00\",\"dateModified\":\"2024-02-27T18:45:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Seraphinite Accelerator <= 2.20.52 – SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Seraphinite Accelerator <= 2.20.52 - SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/","og_locale":"en_US","og_type":"article","og_title":"Seraphinite Accelerator <= 2.20.52 - SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck - SeguridadWordPress.es","og_description":"El plugin Seraphinite Accelerator para WordPress es vulnerable a Server-Side Request Forgery (SSRF) en todas las versiones hasta, e incluyendo, la 2.20.52 a trav\u00e9s de la funci\u00f3n OnAdminApi_HtmlCheck. Esto permite a atacantes autenticados, con acceso de nivel suscriptor y superior, realizar solicitudes web a ubicaciones arbitrarias originadas desde la aplicaci\u00f3n web y puede ser utilizado […]","og_url":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-27T18:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/","url":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/","name":"Seraphinite Accelerator <= 2.20.52 - SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-27T18:45:08+00:00","dateModified":"2024-02-27T18:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/seraphinite-accelerator-2-20-52-ssrf-autenticado-suscriptor-en-onadminapi_htmlcheck\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Seraphinite Accelerator <= 2.20.52 – SSRF Autenticado (Suscriptor+) en OnAdminApi_HtmlCheck"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3008"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3008"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3008\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3008"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}