{"id":3784,"date":"2024-05-22T13:45:30","date_gmt":"2024-05-22T13:45:30","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/"},"modified":"2024-05-22T13:45:30","modified_gmt":"2024-05-22T13:45:30","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/","title":{"rendered":"Stored Cross-Site Scripting Vulnerability in PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 – Authenticated (Admin+)"},"content":{"rendered":"
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an infected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.<\/div>\n

<\/p>\n

Users affected by this vulnerability should urgently update to the latest version of the plugin, in this case 1.8. It is also recommended to restrict the permissions of administrative users to limit the risk of an attacker exploiting this vulnerability. Deploying a web application firewall (WAF) is also advisable, to help detect and block attack attempts of this kind.<\/div>\n
It is essential for WordPress users to keep all installed plugins and themes up to date, and to implement security best practices to protect their websites from potential vulnerabilities such as this one.<\/div>\n","protected":false},"excerpt":{"rendered":"

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with permissions of […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1494],"class_list":["post-3784","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3065"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta, e incluyendo, 1.7 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de salida. 
Esto permite que atacantes autenticados, con permisos de […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-22T13:45:30+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-22T13:45:30+00:00\",\"dateModified\":\"2024-05-22T13:45:30+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 – Authenticated (Admin+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) - SeguridadWordPress.es","og_description":"El plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta, e incluyendo, 1.7 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de salida. Esto permite que atacantes autenticados, con permisos de […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-22T13:45:30+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/","name":"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-22T13:45:30+00:00","dateModified":"2024-05-22T13:45:30+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-1-7-authenticated-admin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting Almacenado en PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 – Authenticated (Admin+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades 
WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3784"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3784"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3784\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3784"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}