{"id":3275,"date":"2024-03-20T19:45:30","date_gmt":"2024-03-20T19:45:30","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/"},"modified":"2024-03-20T19:45:30","modified_gmt":"2024-03-20T19:45:30","slug":"vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/","title":{"rendered":"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20"},"content":{"rendered":"
La vulnerabilidad de Cross-Site Scripting (XSS) en el plugin Advanced Access Manager para WordPress, hasta la versi\u00f3n 6.9.20, permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace.<\/div>\n

<\/p>\n

La falta de saneamiento de entradas y de escapado de salidas en el plugin Advanced Access Manager hasta la versi\u00f3n 6.9.20 lo hace vulnerable a ataques de Reflected Cross-Site Scripting (XSS). Esto significa que un atacante puede inyectar c\u00f3digo malicioso que se ejecutar\u00e1 en el navegador del usuario al visitar una p\u00e1gina comprometida. Para protegerse contra esta vulnerabilidad, se recomienda a los usuarios actualizar el plugin a la \u00faltima versi\u00f3n disponible, en este caso, a partir de la 6.9.21. Adem\u00e1s, se aconseja tener cuidado al hacer clic en enlaces de origen desconocido o sospechoso para evitar caer en posibles ataques de phishing.<\/div>\n
Es crucial mantener todos los plugins de WordPress actualizados y estar atento a posibles recomendaciones de seguridad. Al tomar medidas proactivas, como actualizar regularmente el software y practicar h\u00e1bitos seguros de navegaci\u00f3n en l\u00ednea, los usuarios pueden reducir significativamente el riesgo de ser v\u00edctimas de ataques de Cross-Site Scripting y otras amenazas de seguridad en la web.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad de Cross-Site Scripting (XSS) en el plugin Advanced Access Manager para WordPress, hasta la versi\u00f3n 6.9.20, permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. La falta de saneamiento de entradas y de escapado […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[987],"class_list":["post-3275","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-29127"],"yoast_head":"\nVulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad de Cross-Site Scripting (XSS) en el plugin Advanced Access Manager para WordPress, hasta la versi\u00f3n 6.9.20, permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. La falta de saneamiento de entradas y de escapado […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-20T19:45:30+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/\",\"name\":\"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-20T19:45:30+00:00\",\"dateModified\":\"2024-03-20T19:45:30+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20 - SeguridadWordPress.es","og_description":"La vulnerabilidad de Cross-Site Scripting (XSS) en el plugin Advanced Access Manager para WordPress, hasta la versi\u00f3n 6.9.20, permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. La falta de saneamiento de entradas y de escapado […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-20T19:45:30+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/","name":"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-20T19:45:30+00:00","dateModified":"2024-03-20T19:45:30+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-reflected-cross-site-scripting-en-advanced-access-manager-6-9-20\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Reflected Cross-Site Scripting en Advanced Access Manager <= 6.9.20"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3275"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3275"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3275\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3275"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}