{"id":3333,"date":"2024-03-27T14:45:23","date_gmt":"2024-03-27T14:45:23","guid":{"rendered":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/"},"modified":"2024-03-27T14:45:23","modified_gmt":"2024-03-27T14:45:23","slug":"events-manager-6-4-7-1-cross-site-request-forgery","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/","title":{"rendered":"Events Manager <= 6.4.7.1 – Cross-Site Request Forgery"},"content":{"rendered":"
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.<\/div>\n

<\/p>\n

Users affected by this vulnerability in the Events Manager plugin should update to the latest available version, in this case version 6.4.7.2, which fixes this security issue. In addition, users are advised to properly configure access restrictions and privileges within their website to help prevent Cross-Site Request Forgery attacks.<\/div>\n
It is essential to keep all WordPress plugins and themes up to date to avoid falling victim to known vulnerabilities such as Cross-Site Request Forgery. The security of a website is the responsibility of both plugin developers and site owners, so it is important to work together to ensure a secure environment for users.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1044],"class_list":["post-3333","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2110"],"yoast_head":"\nEvents Manager <= 6.4.7.1 - Cross-Site Request Forgery - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Events Manager <= 6.4.7.1 - Cross-Site Request Forgery - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Events Manager – Calendar, Bookings, Tickets, and more! para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta, e incluyendo, la 6.4.7.1. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce en varias acciones. 
Esto permite que atacantes no autenticados modifiquen estados de reservas mediante una solicitud falsificada […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-27T14:45:23+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/\",\"url\":\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/\",\"name\":\"Events Manager <= 6.4.7.1 - Cross-Site Request Forgery - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-27T14:45:23+00:00\",\"dateModified\":\"2024-03-27T14:45:23+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Events Manager <= 6.4.7.1 – Cross-Site Request Forgery\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades 
WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Events Manager <= 6.4.7.1 - Cross-Site Request Forgery - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/","og_locale":"en_US","og_type":"article","og_title":"Events Manager <= 6.4.7.1 - Cross-Site Request Forgery - SeguridadWordPress.es","og_description":"El plugin Events Manager – Calendar, Bookings, Tickets, and more! para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta, e incluyendo, la 6.4.7.1. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce en varias acciones. Esto permite que atacantes no autenticados modifiquen estados de reservas mediante una solicitud falsificada […]","og_url":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-27T14:45:23+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/","url":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/","name":"Events Manager <= 6.4.7.1 - Cross-Site Request Forgery - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-27T14:45:23+00:00","dateModified":"2024-03-27T14:45:23+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/events-manager-6-4-7-1-cross-site-request-forgery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Events Manager <= 6.4.7.1 – Cross-Site Request Forgery"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3333"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3333"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3333\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3333"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}