{"id":3788,"date":"2024-05-22T14:45:13","date_gmt":"2024-05-22T14:45:13","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/"},"modified":"2024-05-22T14:45:13","modified_gmt":"2024-05-22T14:45:13","slug":"vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/","title":{"rendered":"Cross-Site Scripting Vulnerability in the wpDataTables Plugin for WordPress"},"content":{"rendered":"
The wpDataTables plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious web scripts through the CSV file import functionality.<\/div>\n

<\/p>\n

The vulnerability detected in the wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin, identified by the ID CVE-2024-4895, is due to improper neutralization of input during web page generation, which makes it possible to inject malicious scripts. Attackers can exploit this flaw to place arbitrary scripts in pages, which run when a user visits the compromised page. To mitigate this risk, update the plugin to the latest available version and avoid importing CSV files from untrusted sources.<\/div>\n
The security of a WordPress website is fundamental to protecting users' information and experience. Keeping all plugins up to date and not importing files of unknown origin are key preventive measures against Cross-Site Scripting attacks such as the one described in this security report.<\/div>\n","protected":false},"excerpt":{"rendered":"

The wpDataTables plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious web scripts through the CSV file import functionality. The vulnerability detected in the wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin, identified by the ID CVE-2024-4895, is […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1498],"class_list":["post-3788","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4895"],
"yoast_head_json":{"title":"Cross-Site Scripting Vulnerability in the wpDataTables Plugin for WordPress - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/","og_locale":"en_US","og_type":"article","og_title":"Cross-Site Scripting Vulnerability in the wpDataTables Plugin for WordPress - SeguridadWordPress.es","og_description":"The wpDataTables plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious web scripts through the CSV file import functionality. The vulnerability detected in the wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin, identified by the ID CVE-2024-4895, is […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-22T14:45:13+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},
"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/","name":"Cross-Site Scripting Vulnerability in the wpDataTables Plugin for WordPress - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-22T14:45:13+00:00","dateModified":"2024-05-22T14:45:13+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-plugin-wpdatatables-para-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Cross-Site Scripting Vulnerability in the wpDataTables Plugin for WordPress"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},
"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3788"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3788"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3788\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3788"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}