{"id":3464,"date":"2024-04-06T18:45:14","date_gmt":"2024-04-06T18:45:14","guid":{"rendered":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/"},"modified":"2024-04-06T18:45:14","modified_gmt":"2024-04-06T18:45:14","slug":"mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/","title":{"rendered":"MM-email2image <= 0.2.5 – CSRF to Stored Cross-Site Scripting"},"content":{"rendered":"
The MM-email2image plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to carry out stored cross-site scripting attacks via a forged request, provided they can trick a site administrator into performing an action such as clicking a link.<\/div>\n

<\/p>\n

Users affected by this vulnerability should temporarily disable the MM-email2image plugin until an update addressing this security issue is released. In addition, it is recommended to always verify requests before performing important actions on the site in order to prevent CSRF attacks. Website administrators are advised to stay informed about the latest vulnerabilities and security patches to protect their sites from possible attacks.<\/div>\n
It is crucial that website owners act quickly to protect their sites from possible CSRF and cross-site scripting attacks. The security of a website is a responsibility shared among software developers, site administrators and end users.<\/div>\n","protected":false},"excerpt":{"rendered":"

The MM-email2image plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to carry out stored cross-site scripting attacks via a forged request, provided […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1174],"class_list":["post-3464","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3076"],"yoast_head":"\nMM-email2image <= 0.2.5 - CSRF a Cross-Site Scripting Almacenado - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MM-email2image <= 0.2.5 - CSRF a Cross-Site Scripting Almacenado - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin MM-email2image para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta, e incluyendo, la 0.2.5. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce. 
Esto hace posible que atacantes no autenticados puedan llevar a cabo ataques de cross-site scripting almacenado a trav\u00e9s de una solicitud falsificada siempre y […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-06T18:45:14+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/\",\"url\":\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/\",\"name\":\"MM-email2image <= 0.2.5 - CSRF a Cross-Site Scripting Almacenado - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-06T18:45:14+00:00\",\"dateModified\":\"2024-04-06T18:45:14+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MM-email2image <= 0.2.5 – CSRF a Cross-Site Scripting 
Almacenado\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MM-email2image <= 0.2.5 - CSRF a Cross-Site Scripting Almacenado - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/","og_locale":"en_US","og_type":"article","og_title":"MM-email2image <= 0.2.5 - CSRF a Cross-Site Scripting Almacenado - SeguridadWordPress.es","og_description":"El plugin MM-email2image para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta, e incluyendo, la 0.2.5. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce. Esto hace posible que atacantes no autenticados puedan llevar a cabo ataques de cross-site scripting almacenado a trav\u00e9s de una solicitud falsificada siempre y […]","og_url":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-06T18:45:14+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/","url":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/","name":"MM-email2image <= 0.2.5 - CSRF a Cross-Site Scripting Almacenado - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-06T18:45:14+00:00","dateModified":"2024-04-06T18:45:14+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/mm-email2image-0-2-5-csrf-a-cross-site-scripting-almacenado\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"MM-email2image <= 0.2.5 – CSRF a Cross-Site Scripting Almacenado"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3464"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3464"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3464\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3464"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}