{"id":3371,"date":"2024-03-29T14:45:34","date_gmt":"2024-03-29T14:45:34","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-request-forgery-en-el-plugin-news-wall-1-1-0\/"},"modified":"2024-03-29T14:45:34","modified_gmt":"2024-03-29T14:45:34","slug":"vulnerabilidad-de-cross-site-request-forgery-en-el-plugin-news-wall-1-1-0","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-request-forgery-en-el-plugin-news-wall-1-1-0\/","title":{"rendered":"Vulnerabilidad de Cross-Site Request Forgery en el plugin News Wall <= 1.1.0"},"content":{"rendered":"
<\/p>\n
El plugin News Wall para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta, e incluyendo, la 1.1.0. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n nwap_newslist_page(). Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del plugin y modifiquen listas de noticias a trav\u00e9s de […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1082],"class_list":["post-3371","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2970"],"yoast_head":"\n