{"id":3021,"date":"2024-02-27T20:46:28","date_gmt":"2024-02-27T20:46:28","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/"},"modified":"2024-02-27T20:46:28","modified_gmt":"2024-02-27T20:46:28","slug":"vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/","title":{"rendered":"CSRF Vulnerability in Envo’s Elementor Templates & Widgets for WooCommerce <= 1.4.4"},"content":{"rendered":"
The Envo’s Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to 1.4.4. The vulnerability is caused by missing nonce validation in the ajax_plugin_activation function. This allows unauthenticated attackers to activate arbitrary installed plugins via a forged request, provided they can trick a site administrator into performing an action such as clicking a link.<\/div>\n

<\/p>\n

Users affected by this vulnerability in Envo’s Elementor Templates & Widgets for WooCommerce should update to the latest available version, in this case 1.4.5, which includes a fix for nonce validation in the ajax_plugin_activation function. Site administrators are also advised to watch for suspicious actions on their sites and to implement additional security measures, such as two-factor authentication.<\/div>\n
It is crucial to keep all WordPress plugins and themes up to date to protect against vulnerabilities such as CSRF. By taking proactive measures to secure their sites, administrators can significantly reduce the risk of falling victim to malicious attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin Envo’s Elementor Templates & Widgets for WooCommerce para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta 1.4.4. Esta vulnerabilidad se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n ajax_plugin_activation. Esto permite a atacantes no autenticados activar plugins instalados arbitrariamente a trav\u00e9s de una solicitud falsificada, siempre y […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[734],"class_list":["post-3021","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0767"],"yoast_head":"\nVulnerabilidad CSRF en Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad CSRF en Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Envo’s Elementor Templates & Widgets for WooCommerce para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta 1.4.4. Esta vulnerabilidad se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n ajax_plugin_activation. 
Esto permite a atacantes no autenticados activar plugins instalados arbitrariamente a trav\u00e9s de una solicitud falsificada, siempre y […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-27T20:46:28+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/\",\"name\":\"Vulnerabilidad CSRF en Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-27T20:46:28+00:00\",\"dateModified\":\"2024-02-27T20:46:28+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad CSRF en Envo’s 
Elementor Templates & Widgets for WooCommerce <= 1.4.4\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad CSRF en Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad CSRF en Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - SeguridadWordPress.es","og_description":"El plugin Envo’s Elementor Templates & Widgets for WooCommerce para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta 1.4.4. Esta vulnerabilidad se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n ajax_plugin_activation. Esto permite a atacantes no autenticados activar plugins instalados arbitrariamente a trav\u00e9s de una solicitud falsificada, siempre y […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-27T20:46:28+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/","name":"Vulnerabilidad CSRF en Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-27T20:46:28+00:00","dateModified":"2024-02-27T20:46:28+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-envos-elementor-templates-widgets-for-woocommerce-1-4-4-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad CSRF en Envo’s Elementor Templates & Widgets for WooCommerce <= 1.4.4"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3021"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3021"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3021\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3021"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}