{"id":3099,"date":"2024-03-05T19:45:08","date_gmt":"2024-03-05T19:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/"},"modified":"2024-03-05T19:45:08","modified_gmt":"2024-03-05T19:45:08","slug":"vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/","title":{"rendered":"Stored Cross-Site Scripting (XSS) vulnerability in Fluent Forms <= 5.1.9"},"content":{"rendered":"
The Fluent Forms plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) in all versions up to and including 5.1.9 due to insufficient input sanitization and output escaping. This vulnerability allows attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses that injected page.<\/div>\n

<\/p>\n

Exploitation of this vulnerability depends on who has been granted the right to create forms by an administrator. This level can be as low as contributor, but by default it is the administrator level. To mitigate this risk, users are advised to update the plugin to the latest available version and to carefully review and filter any input data displayed on pages generated by this plugin.<\/div>\n
It is essential that Fluent Forms users update their plugin to the latest version and adopt good security practices when handling input data to prevent possible stored Cross-Site Scripting (XSS) attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Fluent Forms plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) in all versions up to and including 5.1.9 due to insufficient input sanitization and output escaping. This vulnerability allows attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses that page […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[812],"class_list":["post-3099","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2023-6957"],"yoast_head_json":{"title":"Stored Cross-Site Scripting (XSS) vulnerability in Fluent Forms <= 5.1.9 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/","og_locale":"en_US","og_type":"article","og_title":"Stored Cross-Site Scripting (XSS) vulnerability in Fluent Forms <= 5.1.9 - SeguridadWordPress.es","og_description":"The Fluent Forms plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) in all versions up to and including 5.1.9 due to insufficient input sanitization and output escaping. This vulnerability allows attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses that page […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-05T19:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/","name":"Stored Cross-Site Scripting (XSS) vulnerability in Fluent Forms <= 5.1.9 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-05T19:45:08+00:00","dateModified":"2024-03-05T19:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-almacenada-en-fluent-forms-5-1-9\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Stored Cross-Site Scripting (XSS) vulnerability in Fluent Forms <= 5.1.9"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Collection of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3099"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3099"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3099\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3099"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}