{"id":3300,"date":"2024-03-22T16:45:24","date_gmt":"2024-03-22T16:45:24","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-el-plugin-de-wordpress-pretty-links-3-6-3\/"},"modified":"2024-03-22T16:45:24","modified_gmt":"2024-03-22T16:45:24","slug":"vulnerabilidad-csrf-en-el-plugin-de-wordpress-pretty-links-3-6-3","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-csrf-en-el-plugin-de-wordpress-pretty-links-3-6-3\/","title":{"rendered":"CSRF Vulnerability in the WordPress Plugin Pretty Links <= 3.6.3"},"content":{"rendered":"
The Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin, in versions up to and including 3.6.3, allows unauthenticated attackers to change the plugin's settings, including the Stripe integration, via a forged request if they can trick a site administrator into performing an action such as clicking a link.<\/div>\n

<\/p>\n

Missing or incorrect nonce validation when saving the plugin's settings is what causes this CSRF vulnerability. To remediate the issue, users are advised to update the plugin to the latest available version of Pretty Links, in this case version 3.6.4. It is also advisable to watch for alert messages or unusual activity in the administration panel that may indicate intrusion attempts.<\/div>\n
Keeping software up to date and staying alert to potential threats are key practices for protecting a website's information and operation. By taking preventive measures such as updating plugins regularly, users can significantly reduce the risk of exploitation of vulnerabilities such as the CSRF in the Pretty Links plugin.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin, in versions up to and including 3.6.3, allows unauthenticated attackers to change the plugin's settings, including the Stripe integration, via a forged request if they can trick a site administrator into […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1012],"class_list":["post-3300","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2326"],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3300"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3300"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3300\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3300"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}