{"id":3281,"date":"2024-03-21T15:45:12","date_gmt":"2024-03-21T15:45:12","guid":{"rendered":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/"},"modified":"2024-03-21T15:45:12","modified_gmt":"2024-03-21T15:45:12","slug":"memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/","title":{"rendered":"Memberpress <= 1.11.26 – Reflected Cross-Site Scripting via message and error"},"content":{"rendered":"
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and ‘error’ parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if they can successfully trick a user into performing an action such as clicking on a link. Note that the issue was partially patched in version 1.11.25, but could still be exploited under certain circumstances.<\/div>\n

<\/p>\n

Memberpress users affected by this vulnerability should urgently update to the latest available version, 1.11.27, which fully resolves the issue. In addition, users are advised to be aware of the risks associated with Cross-Site Scripting and to avoid clicking on suspicious or unverified links. Website administrators are also advised to implement additional security measures, such as web application firewalls or security plugins that help prevent this type of attack.<\/div>\n
Security in WordPress is essential to protect both user information and the integrity of websites. It is the responsibility of developers and administrators to stay informed about the latest vulnerabilities and to take the necessary measures to mitigate security risks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and ‘error’ parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[993],"class_list":["post-3281","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1412"],"yoast_head":"\nMemberpress <= 1.11.26 - Cross-Site Scripting Reflejado a trav\u00e9s de message y error - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Memberpress <= 1.11.26 - Cross-Site Scripting Reflejado a trav\u00e9s de message y error - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Memberpress para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s de los par\u00e1metros ‘message’ y ‘error’ en todas las versiones hasta, e incluyendo, la 1.11.26 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas. 
Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n si […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-21T15:45:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/\",\"url\":\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/\",\"name\":\"Memberpress <= 1.11.26 - Cross-Site Scripting Reflejado a trav\u00e9s de message y error - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-21T15:45:12+00:00\",\"dateModified\":\"2024-03-21T15:45:12+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Memberpress <= 1.11.26 – Cross-Site Scripting Reflejado a 
trav\u00e9s de message y error\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Memberpress <= 1.11.26 - Cross-Site Scripting Reflejado a trav\u00e9s de message y error - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/","og_locale":"en_US","og_type":"article","og_title":"Memberpress <= 1.11.26 - Cross-Site Scripting Reflejado a trav\u00e9s de message y error - SeguridadWordPress.es","og_description":"El plugin Memberpress para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s de los par\u00e1metros ‘message’ y ‘error’ en todas las versiones hasta, e incluyendo, la 1.11.26 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n si […]","og_url":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-21T15:45:12+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/","url":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/","name":"Memberpress <= 1.11.26 - Cross-Site Scripting Reflejado a trav\u00e9s de message y error - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-21T15:45:12+00:00","dateModified":"2024-03-21T15:45:12+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/memberpress-1-11-26-cross-site-scripting-reflejado-a-traves-de-message-y-error\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Memberpress <= 1.11.26 – Cross-Site Scripting Reflejado a trav\u00e9s de message y error"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3281"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3281"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3281\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3281"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}