{"id":3102,"date":"2024-03-05T21:45:06","date_gmt":"2024-03-05T21:45:06","guid":{"rendered":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/"},"modified":"2024-03-05T21:45:06","modified_gmt":"2024-03-05T21:45:06","slug":"simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/","title":{"rendered":"Simple Membership <= 4.4.2 – Unauthenticated Stored Cross-Site Scripting"},"content":{"rendered":"
The CVE-2024-1985 vulnerability affects the Simple Membership plugin for WordPress, allowing unauthenticated attackers to carry out stored Cross-Site Scripting attacks through the ‘Display Name’ parameter. The vulnerability is present in all versions up to and including 4.4.2 due to insufficient input sanitization and output escaping.<\/div>\n

<\/p>\n

Attackers could inject arbitrary web scripts into pages, which would execute whenever a user accesses the compromised page. Exploiting this vulnerability requires social engineering, and the impact may be limited because the attacker would need a user to log in with the injected payload for it to execute.<\/div>\n
To protect against this vulnerability, update the Simple Membership plugin to the latest available version. Users are also advised to watch for any suspicious activity on their websites and to apply proper input validation to prevent malicious script injection.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-1985 vulnerability affects the Simple Membership plugin for WordPress, allowing unauthenticated attackers to carry out stored Cross-Site Scripting attacks through the ‘Display Name’ parameter. The vulnerability is present in all versions up to and including 4.4.2 due to insufficient input sanitization and output escaping. Attackers could inject scripts […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[815],"class_list":["post-3102","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1985"],"yoast_head_json":{"title":"Simple Membership <= 4.4.2 - Unauthenticated Stored Cross-Site Scripting - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/","og_locale":"en_US","og_type":"article","og_title":"Simple Membership <= 4.4.2 - Unauthenticated Stored Cross-Site Scripting - SeguridadWordPress.es","og_description":"The CVE-2024-1985 vulnerability affects the Simple Membership plugin for WordPress, allowing unauthenticated attackers to carry out stored Cross-Site Scripting attacks through the ‘Display Name’ parameter. The vulnerability is present in all versions up to and including 4.4.2 due to insufficient input sanitization and output escaping. Attackers could inject scripts […]","og_url":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-05T21:45:06+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/","url":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/","name":"Simple Membership <= 4.4.2 - Unauthenticated Stored Cross-Site Scripting - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-05T21:45:06+00:00","dateModified":"2024-03-05T21:45:06+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/simple-membership-4-4-2-cross-site-scripting-basado-en-almacenamiento-sin-autenticacion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Simple Membership <= 4.4.2 – Unauthenticated Stored Cross-Site Scripting"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Collection of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3102"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3102"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3102\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3102"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}