{"id":3598,"date":"2024-04-22T22:45:09","date_gmt":"2024-04-22T22:45:09","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/"},"modified":"2024-04-22T22:45:09","modified_gmt":"2024-04-22T22:45:09","slug":"vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP"},"content":{"rendered":"
La vulnerabilidad CVE-2024-3491 afecta al plugin Schema & Structured Data for WP & AMP para WordPress, permitiendo a atacantes autenticados con acceso de nivel contribuidor y superior realizar ataques de Cross-Site Scripting almacenado a trav\u00e9s de los bloques ‘How To’ y ‘FAQ’.<\/div>\n

<\/p>\n

La falta de saneamiento de entrada y escape de salida en atributos proporcionados por el usuario en las versiones hasta la 1.29 del plugin hace posible que los atacantes inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a esa p\u00e1gina comprometida.<\/div>\n
Para mitigar esta vulnerabilidad, se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n del plugin Schema & Structured Data for WP & AMP tan pronto como est\u00e9 disponible. Adem\u00e1s, se aconseja a los administradores de sitios web realizar una revisi\u00f3n de seguridad peri\u00f3dica para identificar y solucionar posibles vulnerabilidades en plugins y temas de WordPress.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-3491 afecta al plugin Schema & Structured Data for WP & AMP para WordPress, permitiendo a atacantes autenticados con acceso de nivel contribuidor y superior realizar ataques de Cross-Site Scripting almacenado a trav\u00e9s de los bloques ‘How To’ y ‘FAQ’. La falta de saneamiento de entrada y escape de salida en atributos proporcionados […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1308],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-3491 afecta al plugin Schema & Structured Data for WP & AMP para WordPress, permitiendo a atacantes autenticados con acceso de nivel contribuidor y superior realizar ataques de Cross-Site Scripting almacenado a trav\u00e9s de los bloques ‘How To’ y ‘FAQ’. La falta de saneamiento de entrada y escape de salida en atributos proporcionados […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-22T22:45:09+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-22T22:45:09+00:00\",\"dateModified\":\"2024-04-22T22:45:09+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-3491 afecta al plugin Schema & Structured Data for WP & AMP para WordPress, permitiendo a atacantes autenticados con acceso de nivel contribuidor y superior realizar ataques de Cross-Site Scripting almacenado a trav\u00e9s de los bloques ‘How To’ y ‘FAQ’. La falta de saneamiento de entrada y escape de salida en atributos proporcionados […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-22T22:45:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/","name":"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-22T22:45:09+00:00","dateModified":"2024-04-22T22:45:09+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-schema-structured-data-for-wp-amp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en Schema & Structured Data for WP & AMP"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3598"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3598"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3598\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3598"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}