{"id":3962,"date":"2024-06-06T15:45:35","date_gmt":"2024-06-06T15:45:35","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/"},"modified":"2024-06-06T15:45:35","modified_gmt":"2024-06-06T15:45:35","slug":"vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/","title":{"rendered":"Cross-Site Scripting Vulnerability in WP Mobile Menu"},"content":{"rendered":"
CVE-2024-3987 was discovered in the WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu plugin for WordPress. This Cross-Site Scripting (XSS) vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into the site's pages.<\/div>\n

<\/p>\n

The vulnerability stems from missing sanitization of image alternative text input and missing output escaping in the WP Mobile Menu plugin up to version 2.8.4.2. This means attackers can carry out stored XSS attacks, which let them execute malicious code on the site's pages when a user views them. To mitigate this vulnerability, updating to the latest version of the plugin and not granting contributor or higher permissions to untrusted users is recommended.<\/div>\n
It is crucial to keep all WordPress plugins up to date and to restrict user permissions to reduce the risk of XSS attacks. By taking these preventive measures, website administrators can protect themselves against possible exploitation of this vulnerability in WP Mobile Menu.<\/div>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-3987 was discovered in the WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu plugin for WordPress. This Cross-Site Scripting (XSS) vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into the site's pages. The vulnerability stems from missing sanitization of the input of […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1672],"class_list":["post-3962","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3987"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en WP Mobile Menu - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-3987 fue descubierta en el plugin WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu para WordPress. Esta vulnerabilidad de Cross-Site Scripting (XSS) permite a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web arbitrarios en las p\u00e1ginas del sitio. 
La vulnerabilidad radica en la falta de sanitizaci\u00f3n de la entrada de […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-06T15:45:35+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-06T15:45:35+00:00\",\"dateModified\":\"2024-06-06T15:45:35+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades 
WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-3987 fue descubierta en el plugin WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu para WordPress. Esta vulnerabilidad de Cross-Site Scripting (XSS) permite a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web arbitrarios en las p\u00e1ginas del sitio. La vulnerabilidad radica en la falta de sanitizaci\u00f3n de la entrada de […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-06T15:45:35+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/","name":"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-06T15:45:35+00:00","dateModified":"2024-06-06T15:45:35+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-wp-mobile-menu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en WP Mobile Menu"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3962"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3962"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3962\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3962"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}