{"id":3941,"date":"2024-06-05T15:45:34","date_gmt":"2024-06-05T15:45:34","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-en-materialis-companion-1-3-41-cross-site-scripting-por-authenticated-contributor\/"},"modified":"2024-06-05T15:45:34","modified_gmt":"2024-06-05T15:45:34","slug":"vulnerabilidad-en-materialis-companion-1-3-41-cross-site-scripting-por-authenticated-contributor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-en-materialis-companion-1-3-41-cross-site-scripting-por-authenticated-contributor\/","title":{"rendered":"Vulnerability in Materialis Companion <= 1.3.41 – Cross-Site Scripting by Authenticated (Contributor+)"},"content":{"rendered":"
The Materialis Companion plugin for WordPress is vulnerable to stored Cross-Site Scripting via the materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.\n
This vulnerability can be exploited by malicious users holding Contributor credentials to run malicious scripts on pages within the compromised WordPress site. To mitigate this risk, administrators of affected sites are advised to update the Materialis Companion plugin to the latest available version, in which these vulnerabilities have been fixed. WordPress administrators are also advised to restrict user roles and to monitor contributor activity in order to detect possible malicious actions.\n
It is essential to keep all WordPress plugins and themes up to date to protect against known and potential vulnerabilities. By applying good cybersecurity practices and maintaining constant monitoring, the risk of Cross-Site Scripting attacks and other potential threats can be significantly reduced.\n","protected":false},"excerpt":{"rendered":"
The Materialis Companion plugin for WordPress is vulnerable to stored Cross-Site Scripting via the materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access […]\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1651],"class_list":["post-3941","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4707"],"yoast_head_json":{"title":"Vulnerability in Materialis Companion <= 1.3.41 - Cross-Site Scripting by Authenticated (Contributor+) - SeguridadWordPress.es","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-05T15:45:34+00:00","twitter_misc":{"Est. reading time":"1 minute"}},"amp_enabled":true}