{"id":4070,"date":"2024-06-18T14:46:13","date_gmt":"2024-06-18T14:46:13","guid":{"rendered":"http:\/\/127.0.0.1\/custom-product-list-table-3-0-0-cross-site-request-forgery\/"},"modified":"2024-06-18T14:46:13","modified_gmt":"2024-06-18T14:46:13","slug":"custom-product-list-table-3-0-0-cross-site-request-forgery","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/custom-product-list-table-3-0-0-cross-site-request-forgery\/","title":{"rendered":"Custom Product List Table <= 3.0.0 – Cross-Site Request Forgery"},"content":{"rendered":"
The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation when modifying products. This makes it possible for unauthenticated attackers to add, delete, bulk edit, approve or cancel products via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.<\/div>\n

<\/p>\n

To remediate this issue, users are advised to update the Custom Product List Table plugin to the latest available version as soon as possible. In addition, the website should have additional security measures in place, such as the use of security plugins, monitoring of changes to the site's files, and educating site administrators about potential security threats.<\/div>\n
It is crucial to keep all WordPress plugins and themes up to date to avoid falling victim to known vulnerabilities. Online security is a shared responsibility between developers and website owners, so it is essential to stay aware of potential risks and take preventive measures to protect websites from malicious attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1780],"class_list":["post-4070","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4541"],"yoast_head_json":{"title":"Custom Product List Table <= 3.0.0 - Cross-Site Request Forgery - SeguridadWordPress.es","og_site_name":"SeguridadWordPress.es"}}