Cross-Site Request Forgery Vulnerability in the LadiApp Plugin for WordPress

SeguridadWordPress.es, published 2024-03-11. Tag: CVE-2023-4729.

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 4.4. The publish_lp() function, which is hooked through an AJAX action, performs no nonce verification, so nothing ties a request to the page that legitimately issues it. An unauthenticated attacker who can get a site administrator to perform an action such as clicking a link can have the administrator's already-authenticated browser send a forged request that changes the LadiPage key to a value fully under the attacker's control. With the key replaced, the attacker can freely create new pages through the plugin, including pages that carry stored cross-site scripting payloads.

Users affected by this vulnerability should update the LadiApp plugin to version 4.5 or later, which fixes the issue. Check the installed version on the Plugins screen of the dashboard or with WP-CLI's plugin list, and confirm it again after updating. Administrators are also advised to enable two-factor authentication and to monitor site activity regularly for signs of intrusion. Note that two-factor authentication does not block this attack: the forged request is sent by the administrator's own browser, which is already logged in, so the only real fix is the nonce check in the patched version. For this bug, useful monitoring means watching POST requests to admin-ajax.php that carry the plugin's AJAX action with an Origin or Referer header from another site (browsers send Origin on cross-site POSTs; Referer may be stripped by referrer policy), and any unexpected change to the stored LadiPage key.

Site owners running the LadiApp plugin should act promptly to protect their sites from CSRF attacks. Updating the plugin to the latest available version and following WordPress security best practices will mitigate the risk of this vulnerability being exploited.
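The missing nonce check described above, shown as an added example that is not LadiApp's own code (the plugin's source is not reproduced on this page). The block contrasts a generic WordPress AJAX handler in the vulnerable shape the advisory describes with the hardened shape: a nonce check with check_ajax_referer(), a separate capability check, and registration without a wp_ajax_nopriv_ hook. The AJAX action name, the nonce action, the option name example_ladipage_key and the settings page hook suffix are assumptions for illustration only.

```php
<?php
// Added example, not the LadiApp plugin's code. Every name below
// (example_publish_lp, example_publish_lp_nonce, example_ladipage_key,
// settings_page_example-ladiapp) is an assumption for illustration.

// --- BEFORE: the CSRF-vulnerable pattern the advisory describes ---
// No nonce check and no capability check: any request that reaches
// admin-ajax.php with this action is honoured, including one forged by a
// third-party page while an administrator is logged in.
function example_publish_lp_vulnerable() {
    $key = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
    update_option( 'example_ladipage_key', $key ); // attacker-controlled value
    wp_send_json_success( array( 'key' => $key ) );
}
// How the vulnerable handler would be hooked (deliberately left unregistered here):
// add_action( 'wp_ajax_example_publish_lp', 'example_publish_lp_vulnerable' );

// --- AFTER: the hardened pattern ---
// 1. check_ajax_referer() rejects the request unless it carries a valid nonce
//    bound to the logged-in user's session; a cross-site page cannot read it.
// 2. current_user_can() enforces authorization independently of the nonce:
//    a nonce proves the request came from this site, not that the user is
//    allowed to change settings.
function example_publish_lp_hardened() {
    // Dies with a 403 response if the 'nonce' POST field is missing or invalid.
    check_ajax_referer( 'example_publish_lp_nonce', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    $key = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
    if ( '' === $key ) {
        wp_send_json_error( array( 'message' => 'key is required' ), 400 );
    }

    update_option( 'example_ladipage_key', $key );
    wp_send_json_success( array( 'key' => $key ) );
}
// Registered only for logged-in users: no wp_ajax_nopriv_ hook, so an
// unauthenticated request never reaches the handler at all.
add_action( 'wp_ajax_example_publish_lp', 'example_publish_lp_hardened' );

// The legitimate admin page hands the nonce to its JavaScript so the real
// caller can include it as the 'nonce' field of the POST body. The hook
// suffix assumes the plugin registered an options page with slug
// 'example-ladiapp'.
function example_publish_lp_enqueue( $hook_suffix ) {
    if ( 'settings_page_example-ladiapp' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script( 'example-publish-lp', plugins_url( 'publish-lp.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-publish-lp', 'examplePublishLp', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_publish_lp_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_publish_lp_enqueue' );
```

The nonce and the capability check answer different questions and both are needed: the nonce defeats CSRF because a page on another origin cannot obtain it, while current_user_can() stops a logged-in low-privilege user from calling the endpoint directly with a nonce of their own. Dropping the wp_ajax_nopriv_ registration removes the unauthenticated entry point entirely, which is the right default for any handler that writes settings.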