{"id":3716,"date":"2024-05-19T12:45:25","date_gmt":"2024-05-19T12:45:25","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/"},"modified":"2024-05-19T12:45:25","modified_gmt":"2024-05-19T12:45:25","slug":"vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/","title":{"rendered":"Vulnerability in the Fluent Forms Contact Form Plugin for WordPress"},"content":{"rendered":"
The Contact Form plugin by Fluent Forms for Quiz, Survey, and Drag and Drop WP Form Builder is vulnerable to unauthorized modification of data due to a missing capability check on the \/wp-json\/fluentform\/v1\/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This allows unauthenticated attackers to modify all of the plugin's settings.<\/div>\n

<\/p>\n

The vulnerability, identified as CVE-2024-2782, stems from missing authorization in the handling of the contact form plugin's settings. To mitigate it, users are advised to update the plugin to the latest available version. Additionally, it is suggested to restrict access to the \/wp-json\/fluentform\/v1\/global-settings REST API endpoint for unauthenticated users and to continuously monitor the plugin's settings for changes or suspicious activity.<\/div>\n
It is essential for WordPress users to keep their plugins up to date and take preventive measures to protect themselves against potential vulnerabilities. In the case of the Contact Form plugin by Fluent Forms, the missing authorization in the handling of settings poses a risk to data integrity. By following the update and security recommendations above, users can reduce their exposure to attacks and maintain the integrity of their websites.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin Contact Form de Fluent Forms para Quiz, Encuestas y Constructor de Formularios WP con arrastrar y soltar es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de verificaci\u00f3n de capacidades en el punto final \/wp-json\/fluentform\/v1\/global-settings API REST en todas las versiones hasta, e incluyendo, la 5.1.16. Esto permite a […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1426],"class_list":["post-3716","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2782"],"yoast_head":"\nVulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Contact Form de Fluent Forms para Quiz, Encuestas y Constructor de Formularios WP con arrastrar y soltar es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de verificaci\u00f3n de capacidades en el punto final \/wp-json\/fluentform\/v1\/global-settings API REST en todas las versiones hasta, e incluyendo, la 5.1.16. 
Esto permite a […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-19T12:45:25+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/\",\"name\":\"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-19T12:45:25+00:00\",\"dateModified\":\"2024-05-19T12:45:25+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para 
WordPress\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress - SeguridadWordPress.es","og_description":"El plugin Contact Form de Fluent Forms para Quiz, Encuestas y Constructor de Formularios WP con arrastrar y soltar es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de verificaci\u00f3n de capacidades en el punto final \/wp-json\/fluentform\/v1\/global-settings API REST en todas las versiones hasta, e incluyendo, la 5.1.16. Esto permite a […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-19T12:45:25+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/","name":"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-19T12:45:25+00:00","dateModified":"2024-05-19T12:45:25+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-el-plugin-contact-form-de-fluent-forms-para-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad en el Plugin Contact Form de Fluent Forms para WordPress"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3716"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3716"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3716\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3716"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}