{"id":3050,"date":"2024-02-28T18:45:23","date_gmt":"2024-02-28T18:45:23","guid":{"rendered":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/"},"modified":"2024-02-28T18:45:23","modified_gmt":"2024-02-28T18:45:23","slug":"events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/","title":{"rendered":"Events Manager <= 6.4.6.4 – Authenticated (Administrator+) Stored Cross-Site Scripting via Settings"},"content":{"rendered":"
The stored Cross-Site Scripting (XSS) vulnerability in the Events Manager plugin for WordPress allows authenticated attackers with administrator-level permissions or above to inject malicious web scripts into pages, which execute whenever a user accesses the infected page.<\/div>\n

<\/p>\n

The Events Manager plugin for WordPress is vulnerable to stored XSS via the admin panel settings in all versions up to and including 6.4.6.4, due to insufficient input sanitization and missing output escaping. To remediate the issue, affected users should update the plugin to the latest available version and review user permissions so that administrator access is limited to trusted users. In addition, enabling the unfiltered HTML filter option (unfiltered_html) is recommended to add an additional layer of protection.<\/div>\n
It is essential to keep WordPress plugins up to date and to review user permissions periodically to prevent stored XSS attacks. Taking proactive measures can significantly reduce the risk of a website security compromise.<\/div>\n","protected":false},"excerpt":{"rendered":"

The stored Cross-Site Scripting (XSS) vulnerability in the Events Manager plugin for WordPress allows authenticated attackers with administrator-level permissions or above to inject malicious web scripts into pages, which execute whenever a user accesses the infected page. The Events Manager plugin for WordPress is vulnerable to stored XSS via […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[763],"class_list":["post-3050","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0614"],"yoast_head":"\nEvents Manager <= 6.4.6.4 - XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Events Manager <= 6.4.6.4 - XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el plugin Events Manager para WordPress permite a atacantes autenticados con permisos de administrador o superiores insertar scripts web maliciosos en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina infectada. 
El plugin Events Manager para WordPress es vulnerable a XSS almacenado a trav\u00e9s de […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-28T18:45:23+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/\",\"url\":\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/\",\"name\":\"Events Manager <= 6.4.6.4 - XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-28T18:45:23+00:00\",\"dateModified\":\"2024-02-28T18:45:23+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Events Manager <= 6.4.6.4 – XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Events Manager <= 6.4.6.4 - XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/","og_locale":"en_US","og_type":"article","og_title":"Events Manager <= 6.4.6.4 - XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes - SeguridadWordPress.es","og_description":"La vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el plugin Events Manager para WordPress permite a atacantes autenticados con permisos de administrador o superiores insertar scripts web maliciosos en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina infectada. El plugin Events Manager para WordPress es vulnerable a XSS almacenado a trav\u00e9s de […]","og_url":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-28T18:45:23+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/","url":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/","name":"Events Manager <= 6.4.6.4 - XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-28T18:45:23+00:00","dateModified":"2024-02-28T18:45:23+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/events-manager-6-4-6-4-xss-cruzado-almacenado-autenticadoadministrador-a-traves-de-ajustes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Events Manager <= 6.4.6.4 – XSS Cruzado Almacenado Autenticado(Administrador+) a trav\u00e9s de ajustes"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3050"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3050"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3050\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3050"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}