{"id":3534,"date":"2024-04-16T00:45:23","date_gmt":"2024-04-16T00:45:23","guid":{"rendered":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/"},"modified":"2024-04-16T00:45:23","modified_gmt":"2024-04-16T00:45:23","slug":"sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/","title":{"rendered":"SQL Injection and Cross-Site Scripting in WooCommerce Google Feed Manager"},"content":{"rendered":"
This report details the SQL Injection and Cross-Site Scripting vulnerability in the WooCommerce Google Feed Manager plugin for WordPress, up to version 2.4.2. This vulnerability allows authenticated attackers with administrator-level access or higher to append additional SQL queries to existing queries in order to extract sensitive information from the database.<\/div>\n

<\/p>\n

The WooCommerce Google Feed Manager plugin is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to 2.4.2 due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query. This allows authenticated attackers, with administrator-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database. This can also be used by unauthenticated attackers to inject malicious web scripts.<\/div>\n
To mitigate this vulnerability, users are advised to update the WooCommerce Google Feed Manager plugin to the latest available version, which fixes this security issue. In addition, administrators are advised to closely monitor any suspicious activity on their websites and apply recommended cybersecurity practices to reduce the risk of attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

This report details the SQL Injection and Cross-Site Scripting vulnerability in the WooCommerce Google Feed Manager plugin for WordPress, up to version 2.4.2. This vulnerability allows authenticated attackers with administrator-level access or higher to append additional SQL queries to existing queries in order to extract sensitive information from the database. The […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1244],"class_list":["post-3534","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3067"],"yoast_head":"\nSQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este informe se detalla la vulnerabilidad de SQL Injection y Cross-Site Scripting en el plugin WooCommerce Google Feed Manager para WordPress, hasta la versi\u00f3n 2.4.2. Esta vulnerabilidad permite a atacantes autenticados con nivel de administrador o superior, agregar consultas SQL adicionales en consultas existentes para extraer informaci\u00f3n sensible de la base de datos. 
El […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-16T00:45:23+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/\",\"url\":\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/\",\"name\":\"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-16T00:45:23+00:00\",\"dateModified\":\"2024-04-16T00:45:23+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed 
Manager\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/","og_locale":"en_US","og_type":"article","og_title":"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager - SeguridadWordPress.es","og_description":"En este informe se detalla la vulnerabilidad de SQL Injection y Cross-Site Scripting en el plugin WooCommerce Google Feed Manager para WordPress, hasta la versi\u00f3n 2.4.2. Esta vulnerabilidad permite a atacantes autenticados con nivel de administrador o superior, agregar consultas SQL adicionales en consultas existentes para extraer informaci\u00f3n sensible de la base de datos. El […]","og_url":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-16T00:45:23+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/","url":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/","name":"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-16T00:45:23+00:00","dateModified":"2024-04-16T00:45:23+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/sql-injection-y-cross-site-scripting-en-woocommerce-google-feed-manager\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"SQL Injection y Cross-Site Scripting en WooCommerce Google Feed Manager"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3534"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3534"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3534\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3534"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}