{"id":4060,"date":"2024-06-18T13:45:10","date_gmt":"2024-06-18T13:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/"},"modified":"2024-06-18T13:45:10","modified_gmt":"2024-06-18T13:45:10","slug":"vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/","title":{"rendered":"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode"},"content":{"rendered":"
The CVE-2024-5970 vulnerability in the MaxGalleria plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the compromised page.<\/div>\n

<\/p>\n

The MaxGalleria plugin, in versions up to and including 6.4.4, is vulnerable to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. This means an authenticated attacker with contributor-level access or higher can exploit this vulnerability to inject malicious scripts into the pages generated by the plugin.<\/div>\n
Users are advised to update the MaxGalleria plugin to the latest available version to mitigate this security risk. Additionally, caution is advised when accepting contributions from users with advanced access roles, to prevent possible stored XSS attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-5970 vulnerability in the MaxGalleria plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the compromised page. The MaxGalleria plugin, in versions up to and including 6.4.4, is vulnerable to stored Cross-Site Scripting due to insufficient sanitization of […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1770],"class_list":["post-4060","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5970"],"yoast_head":"\nStored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"The CVE-2024-5970 vulnerability in the MaxGalleria plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the compromised page. 
The MaxGalleria plugin, in versions up to and including 6.4.4, is vulnerable to stored Cross-Site Scripting due to insufficient sanitization of […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-18T13:45:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/\",\"name\":\"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-18T13:45:10+00:00\",\"dateModified\":\"2024-06-18T13:45:10+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Compilation of WordPress vulnerabilities.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/","og_locale":"en_US","og_type":"article","og_title":"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode - SeguridadWordPress.es","og_description":"The CVE-2024-5970 vulnerability in the MaxGalleria plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the compromised page. The MaxGalleria plugin, in versions up to and including 6.4.4, is vulnerable to stored Cross-Site Scripting due to insufficient sanitization of […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-18T13:45:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/","name":"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-18T13:45:10+00:00","dateModified":"2024-06-18T13:45:10+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-xss-almacenado-en-maxgalleria-6-4-4-a-traves-de-maxgallery_thumb-shortcode\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Stored XSS Vulnerability in MaxGalleria <= 6.4.4 via maxgallery_thumb Shortcode"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4060"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4060"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4060\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4060"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}