{"id":3115,"date":"2024-03-06T21:45:16","date_gmt":"2024-03-06T21:45:16","guid":{"rendered":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/"},"modified":"2024-03-06T21:45:16","modified_gmt":"2024-03-06T21:45:16","slug":"booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/","title":{"rendered":"Booster for WooCommerce <= 7.1.7 – Authenticated Stored XSS via Shortcode"},"content":{"rendered":"
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input validation and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The CVE-2024-1534 vulnerability in the Booster for WooCommerce plugin allows authenticated users with certain permission levels to carry out stored XSS attacks by manipulating the plugin's shortcodes. To mitigate this issue, users are advised to update the plugin to the latest available version, in this case 7.1.8, which fixes this vulnerability. In addition, site administrators are advised to restrict user permissions to minimize the risk of attacks.<\/div>\n
It is essential to keep all WordPress plugins and themes up to date to protect against potential security vulnerabilities, such as the stored XSS in Booster for WooCommerce. Security must be a priority in order to maintain the integrity of the website and the privacy of user data.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input validation and output escaping on user-supplied attributes. This allows authenticated attackers with permissions of […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[828],"class_list":["post-3115","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1534"],"yoast_head":"\nBooster for WooCommerce <= 7.1.7 - XSS Persistente Autenticado v\u00eda Shortcode - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Booster for WooCommerce <= 7.1.7 - XSS Persistente Autenticado v\u00eda Shortcode - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Booster for WooCommerce para WordPress es vulnerable a Cross-Site Scripting persistente a trav\u00e9s de los shortcodes del plugin en todas las versiones hasta, e incluyendo, la 7.1.7 debido a una validaci\u00f3n insuficiente de entradas y escape de salida en los atributos proporcionados por el usuario. 
Esto permite que atacantes autenticados con permisos de […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-06T21:45:16+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/\",\"url\":\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/\",\"name\":\"Booster for WooCommerce <= 7.1.7 - XSS Persistente Autenticado v\u00eda Shortcode - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-06T21:45:16+00:00\",\"dateModified\":\"2024-03-06T21:45:16+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Booster for WooCommerce <= 7.1.7 – XSS Persistente Autenticado v\u00eda 
Shortcode\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Booster for WooCommerce <= 7.1.7 - XSS Persistente Autenticado v\u00eda Shortcode - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/","og_locale":"en_US","og_type":"article","og_title":"Booster for WooCommerce <= 7.1.7 - XSS Persistente Autenticado v\u00eda Shortcode - SeguridadWordPress.es","og_description":"El plugin Booster for WooCommerce para WordPress es vulnerable a Cross-Site Scripting persistente a trav\u00e9s de los shortcodes del plugin en todas las versiones hasta, e incluyendo, la 7.1.7 debido a una validaci\u00f3n insuficiente de entradas y escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados con permisos de […]","og_url":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-06T21:45:16+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/","url":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/","name":"Booster for WooCommerce <= 7.1.7 - XSS Persistente Autenticado v\u00eda Shortcode - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-06T21:45:16+00:00","dateModified":"2024-03-06T21:45:16+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/booster-for-woocommerce-7-1-7-xss-persistente-autenticado-via-shortcode\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Booster for WooCommerce <= 7.1.7 – XSS Persistente Autenticado v\u00eda Shortcode"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3115"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3115"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3115\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3115"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}