{"id":3597,"date":"2024-04-22T21:45:19","date_gmt":"2024-04-22T21:45:19","guid":{"rendered":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/"},"modified":"2024-04-22T21:45:19","modified_gmt":"2024-04-22T21:45:19","slug":"rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/","title":{"rendered":"Rank Math SEO with AI SEO Tools <= 1.0.216 – Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper'"},"content":{"rendered":"
La vulnerabilidad CVE-2024-3665 permite a atacantes autenticados con acceso de contribuidor y superior ejecutar scripts web arbitrarios en p\u00e1ginas de WordPress usando el plugin Rank Math SEO with AI SEO Tools.<\/div>\n

<\/p>\n

El plugin Rank Math SEO with AI SEO Tools para WordPress es vulnerable a un ataque de Scripting en Sitio Cruzado Almacenado a trav\u00e9s de los widgets HowTo y FAQ en todas las versiones hasta, e incluyendo, la 1.0.216 debido a una insuficiente sanitizaci\u00f3n de entrada y escapado de salida en atributos proporcionados por el usuario. Esto permite a atacantes autenticados con acceso de contribuidor y superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a la p\u00e1gina inyectada.<\/div>\n
Para mitigar esta vulnerabilidad, se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n del plugin Rank Math SEO with AI SEO Tools y mantener todos los plugins de WordPress siempre actualizados para protegerse contra posibles ataques de Scripting en Sitio Cruzado Almacenado.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-3665 permite a atacantes autenticados con acceso de contribuidor y superior ejecutar scripts web arbitrarios en p\u00e1ginas de WordPress usando el plugin Rank Math SEO with AI SEO Tools. El plugin Rank Math SEO with AI SEO Tools para WordPress es vulnerable a un ataque de Scripting en Sitio Cruzado Almacenado a trav\u00e9s […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1307],"yoast_head":"\nRank Math SEO with AI SEO Tools <= 1.0.216 - Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper' - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rank Math SEO with AI SEO Tools <= 1.0.216 - Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper' - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-3665 permite a atacantes autenticados con acceso de contribuidor y superior ejecutar scripts web arbitrarios en p\u00e1ginas de WordPress usando el plugin Rank Math SEO with AI SEO Tools. El plugin Rank Math SEO with AI SEO Tools para WordPress es vulnerable a un ataque de Scripting en Sitio Cruzado Almacenado a trav\u00e9s […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-22T21:45:19+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/\",\"url\":\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/\",\"name\":\"Rank Math SEO with AI SEO Tools <= 1.0.216 - Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper' - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-22T21:45:19+00:00\",\"dateModified\":\"2024-04-22T21:45:19+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rank Math SEO with AI SEO Tools <= 1.0.216 – Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper'\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rank Math SEO with AI SEO Tools <= 1.0.216 - Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper' - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/","og_locale":"en_US","og_type":"article","og_title":"Rank Math SEO with AI SEO Tools <= 1.0.216 - Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper' - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-3665 permite a atacantes autenticados con acceso de contribuidor y superior ejecutar scripts web arbitrarios en p\u00e1ginas de WordPress usando el plugin Rank Math SEO with AI SEO Tools. El plugin Rank Math SEO with AI SEO Tools para WordPress es vulnerable a un ataque de Scripting en Sitio Cruzado Almacenado a trav\u00e9s […]","og_url":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-22T21:45:19+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/","url":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/","name":"Rank Math SEO with AI SEO Tools <= 1.0.216 - Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper' - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-22T21:45:19+00:00","dateModified":"2024-04-22T21:45:19+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/rank-math-seo-with-ai-seo-tools-1-0-216-ataque-de-scripting-en-sitio-cruzado-almacenado-autenticado-contribuidor-a-traves-de-titlewrapper\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Rank Math SEO with AI SEO Tools <= 1.0.216 – Ataque de Scripting en Sitio Cruzado Almacenado Autenticado (Contribuidor+) a trav\u00e9s de 'titleWrapper'"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3597"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3597"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3597\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3597"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}