{"id":3920,"date":"2024-06-04T20:45:26","date_gmt":"2024-06-04T20:45:26","guid":{"rendered":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/"},"modified":"2024-06-04T20:45:26","modified_gmt":"2024-06-04T20:45:26","slug":"lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/","title":{"rendered":"LifterLMS \u2013 WordPress Plugin for eLearning <= 7.6.2 – Authenticated (Contributor+) SQL Injection via Shortcode"},"content":{"rendered":"
The vulnerability CVE-2024-4743 affects the LifterLMS plugin for WordPress, allowing authenticated attackers to perform SQL Injection through the orderBy attribute of the lifterlms_favorites shortcode in versions up to 7.6.2. This could result in the extraction of sensitive information from the database.<\/div>\n

<\/p>\n

The LifterLMS plugin for eLearning up to version 7.6.2 is vulnerable to SQL Injection due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Authenticated attackers, with Contributor-level access and above, can append additional SQL queries to the existing ones to extract sensitive information from the database.<\/div>\n
To remediate this vulnerability, it is recommended to update the LifterLMS plugin to the latest available version and to keep all WordPress plugins and themes up to date. Additionally, it is advised to restrict users to roles with the minimum privileges required, to reduce the risk of SQL Injection exploitation.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-4743 afecta al plugin LifterLMS para WordPress, permitiendo a atacantes autenticados realizar Inyecci\u00f3n SQL a trav\u00e9s del atributo orderBy del shortcode lifterlms_favorites en versiones hasta 7.6.2. Esto podr\u00eda resultar en la extracci\u00f3n de informaci\u00f3n sensible de la base de datos. La versi\u00f3n del plugin LifterLMS para eLearning hasta la 7.6.2 es vulnerable a […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1630],"class_list":["post-3920","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4743"],"yoast_head":"\nLifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 - Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 - Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-4743 afecta al plugin LifterLMS para WordPress, permitiendo a atacantes autenticados realizar Inyecci\u00f3n SQL a trav\u00e9s del atributo orderBy del shortcode lifterlms_favorites en versiones hasta 7.6.2. Esto podr\u00eda resultar en la extracci\u00f3n de informaci\u00f3n sensible de la base de datos. 
La versi\u00f3n del plugin LifterLMS para eLearning hasta la 7.6.2 es vulnerable a […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-04T20:45:26+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/\",\"url\":\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/\",\"name\":\"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 - Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-04T20:45:26+00:00\",\"dateModified\":\"2024-06-04T20:45:26+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 – Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 - Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/","og_locale":"en_US","og_type":"article","og_title":"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 - Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-4743 afecta al plugin LifterLMS para WordPress, permitiendo a atacantes autenticados realizar Inyecci\u00f3n SQL a trav\u00e9s del atributo orderBy del shortcode lifterlms_favorites en versiones hasta 7.6.2. Esto podr\u00eda resultar en la extracci\u00f3n de informaci\u00f3n sensible de la base de datos. La versi\u00f3n del plugin LifterLMS para eLearning hasta la 7.6.2 es vulnerable a […]","og_url":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-04T20:45:26+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/","url":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/","name":"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 - Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-04T20:45:26+00:00","dateModified":"2024-06-04T20:45:26+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/lifterlms-plugin-de-wordpress-para-elearning-7-6-2-inyeccion-sql-autenticada-contributor-mediante-shortcode\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"LifterLMS \u2013 Plugin de WordPress para eLearning <= 7.6.2 – Inyecci\u00f3n SQL Autenticada (Contributor+) mediante Shortcode"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3920"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3920"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3920\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3920"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}