{"id":3777,"date":"2024-05-21T20:45:24","date_gmt":"2024-05-21T20:45:24","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/"},"modified":"2024-05-21T20:45:24","modified_gmt":"2024-05-21T20:45:24","slug":"vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/","title":{"rendered":"Vulnerability in MemberPress <= 1.11.29 – SSRF via the mepr-user-file shortcode"},"content":{"rendered":"
The MemberPress plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to, and including, 1.11.29 via the ‘mepr-user-file’ shortcode. This allows authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.<\/div>\n

<\/p>\n

To remediate this vulnerability, users are advised to update to the latest version of MemberPress as soon as possible. In addition, restricting the permissions of users with Contributor-level access and above is suggested to reduce the risk of this vulnerability being exploited. WordPress administrators can also closely monitor outbound HTTP requests from the application to detect possible SSRF attempts.<\/div>\n
It is crucial to keep all WordPress plugins and themes up to date to protect the site from potential security vulnerabilities. Prevention and active monitoring are key to mitigating the risk of attacks such as SSRF in MemberPress.<\/div>\n","protected":false},"excerpt":{"rendered":"

The MemberPress plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to, and including, 1.11.29 via the ‘mepr-user-file’ shortcode. This allows authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1487],"class_list":["post-3777","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5031"],"yoast_head":"\nVulnerabilidad en MemberPress <= 1.11.29 - SSRF a trav\u00e9s de shortcode mepr-user-file - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad en MemberPress <= 1.11.29 - SSRF a trav\u00e9s de shortcode mepr-user-file - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Memberpress para WordPress es vulnerable a Server-Side Request Forgery (SSRF) en todas las versiones hasta, e incluyendo, la 1.11.29 a trav\u00e9s del shortcode ‘mepr-user-file’. 
Esto permite que atacantes autenticados, con acceso de nivel Contributor y superior, realicen solicitudes web a ubicaciones arbitrarias originadas desde la aplicaci\u00f3n web y pueden ser utilizadas para consultar […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-21T20:45:24+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/\",\"name\":\"Vulnerabilidad en MemberPress <= 1.11.29 - SSRF a trav\u00e9s de shortcode mepr-user-file - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-21T20:45:24+00:00\",\"dateModified\":\"2024-05-21T20:45:24+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad en MemberPress <= 1.11.29 – SSRF a trav\u00e9s de shortcode mepr-user-file\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad en MemberPress <= 1.11.29 - SSRF a trav\u00e9s de shortcode mepr-user-file - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad en MemberPress <= 1.11.29 - SSRF a trav\u00e9s de shortcode mepr-user-file - SeguridadWordPress.es","og_description":"El plugin Memberpress para WordPress es vulnerable a Server-Side Request Forgery (SSRF) en todas las versiones hasta, e incluyendo, la 1.11.29 a trav\u00e9s del shortcode ‘mepr-user-file’. Esto permite que atacantes autenticados, con acceso de nivel Contributor y superior, realicen solicitudes web a ubicaciones arbitrarias originadas desde la aplicaci\u00f3n web y pueden ser utilizadas para consultar […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-21T20:45:24+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/","name":"Vulnerabilidad en MemberPress <= 1.11.29 - SSRF a trav\u00e9s de shortcode mepr-user-file - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-21T20:45:24+00:00","dateModified":"2024-05-21T20:45:24+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-memberpress-1-11-29-ssrf-a-traves-de-shortcode-mepr-user-file\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad en MemberPress <= 1.11.29 – SSRF a trav\u00e9s de shortcode mepr-user-file"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3777"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3777"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3777\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3777"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}