{"id":3264,"date":"2024-03-20T14:46:09","date_gmt":"2024-03-20T14:46:09","guid":{"rendered":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/"},"modified":"2024-03-20T14:46:09","modified_gmt":"2024-03-20T14:46:09","slug":"calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/","title":{"rendered":"Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 – Authenticated (Contributor+) SQL Injection via Shortcode"},"content":{"rendered":"
The WordPress plugin Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.<\/div>\n

<\/p>\n

To remediate this issue, users are advised to update the Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin to the latest available version, in which measures have been implemented to fix this vulnerability. In addition, site administrators are advised to limit access for users with contributor or higher roles to reduce the risk of exploitation of this vulnerability.<\/div>\n
It is essential to keep all WordPress plugins and themes updated regularly to protect your website from possible vulnerabilities. The security of your website is the responsibility of all its users, so it is important to take the necessary measures to keep it protected.<\/div>\n","protected":false},"excerpt":{"rendered":"

The WordPress plugin Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[976],"class_list":["post-3264","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2342"],
"yoast_head_json":{"title":"Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/","og_locale":"en_US","og_type":"article","og_title":"Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode - SeguridadWordPress.es","og_description":"The WordPress plugin Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on […]","og_url":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-20T14:46:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},
"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/","url":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/","name":"Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-20T14:46:09+00:00","dateModified":"2024-03-20T14:46:09+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/"]}]},
{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/calendario-de-reservas-de-citas-plugin-de-reservas-de-citas-simply-schedule-appointments-1-6-7-7-inyeccion-sql-autenticada-contributor-a-traves-de-shortcode\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 – Authenticated (Contributor+) SQL Injection via Shortcode"}]},
{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},
"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3264"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3264"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3264\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3264"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}