{"id":3472,"date":"2024-04-09T15:45:37","date_gmt":"2024-04-09T15:45:37","guid":{"rendered":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/"},"modified":"2024-04-09T15:45:37","modified_gmt":"2024-04-09T15:45:37","slug":"wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/","title":{"rendered":"WP Activity Log Premium <= 4.6.4 – Authenticated SQL Injection (Subscriber+)"},"content":{"rendered":"
The SQL injection vulnerability in the WP Activity Log Premium plugin for WordPress, up to and including version 4.6.4, allows authenticated attackers with Subscriber-level privileges to append additional SQL queries to existing queries in order to extract sensitive information from the database.\n
The vulnerability lies in the entry->roles parameter, due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query. This makes it possible for authenticated attackers with Subscriber-level privileges to append additional SQL queries to existing queries, which can be used to extract sensitive information from the database. A demonstrated attack included PHP Object Injection.\n
Users of the WP Activity Log Premium plugin are advised to update to the latest available version to fix this security vulnerability. In addition, it is recommended to be cautious when granting Subscriber privileges and to closely monitor any unusual activity in the WordPress admin dashboard.\n","protected":false},"excerpt":{"rendered":"
La vulnerabilidad de inyecci\u00f3n SQL en el plugin WP Activity Log Premium para WordPress, hasta la versi\u00f3n 4.6.4, permite a atacantes autenticados con privilegios de suscriptor insertar consultas SQL adicionales en consultas existentes para extraer informaci\u00f3n sensible de la base de datos. La vulnerabilidad se encuentra en el par\u00e1metro entry->roles debido a un escape insuficiente […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1182],"class_list":["post-3472","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2018"],"yoast_head":"\nWP Activity Log Premium <= 4.6.4 - Inyecci\u00f3n SQL Autenticada (Suscriptor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WP Activity Log Premium <= 4.6.4 - Inyecci\u00f3n SQL Autenticada (Suscriptor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad de inyecci\u00f3n SQL en el plugin WP Activity Log Premium para WordPress, hasta la versi\u00f3n 4.6.4, permite a atacantes autenticados con privilegios de suscriptor insertar consultas SQL adicionales en consultas existentes para extraer informaci\u00f3n sensible de la base de datos. 
La vulnerabilidad se encuentra en el par\u00e1metro entry->roles debido a un escape insuficiente […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-09T15:45:37+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/\",\"url\":\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/\",\"name\":\"WP Activity Log Premium <= 4.6.4 - Inyecci\u00f3n SQL Autenticada (Suscriptor+) - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-09T15:45:37+00:00\",\"dateModified\":\"2024-04-09T15:45:37+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WP Activity Log Premium <= 4.6.4 – Inyecci\u00f3n SQL Autenticada 
(Suscriptor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WP Activity Log Premium <= 4.6.4 - Inyecci\u00f3n SQL Autenticada (Suscriptor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/","og_locale":"en_US","og_type":"article","og_title":"WP Activity Log Premium <= 4.6.4 - Inyecci\u00f3n SQL Autenticada (Suscriptor+) - SeguridadWordPress.es","og_description":"La vulnerabilidad de inyecci\u00f3n SQL en el plugin WP Activity Log Premium para WordPress, hasta la versi\u00f3n 4.6.4, permite a atacantes autenticados con privilegios de suscriptor insertar consultas SQL adicionales en consultas existentes para extraer informaci\u00f3n sensible de la base de datos. La vulnerabilidad se encuentra en el par\u00e1metro entry->roles debido a un escape insuficiente […]","og_url":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-09T15:45:37+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/","url":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/","name":"WP Activity Log Premium <= 4.6.4 - Inyecci\u00f3n SQL Autenticada (Suscriptor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-09T15:45:37+00:00","dateModified":"2024-04-09T15:45:37+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/wp-activity-log-premium-4-6-4-inyeccion-sql-autenticada-suscriptor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"WP Activity Log Premium <= 4.6.4 – Inyecci\u00f3n SQL Autenticada (Suscriptor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3472"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3472"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3472\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3472"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}