{"id":4130,"date":"2024-06-21T15:45:48","date_gmt":"2024-06-21T15:45:48","guid":{"rendered":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/"},"modified":"2024-06-21T15:45:48","modified_gmt":"2024-06-21T15:45:48","slug":"contentlock-1-0-3-csrf-para-agregar-correos-electronicos","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/","title":{"rendered":"ContentLock &lt;= 1.0.3 &#8211; CSRF para Agregar Correos Electr\u00f3nicos"},"content":{"rendered":"<div>El plugin ContentLock para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en todas las versiones hasta, e incluyendo, la 1.0.3. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados agreguen un correo electr\u00f3nico a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace.<\/div>\n<p><\/p>\n<div>Los usuarios afectados por esta vulnerabilidad pueden tomar las siguientes medidas para mitigar el riesgo: 1. Actualizar el plugin ContentLock a la \u00faltima versi\u00f3n disponible que solucione este problema. 2. Estar alerta a posibles correos electr\u00f3nicos sospechosos o enlaces inesperados que puedan ser utilizados para realizar solicitudes falsas. 3. Implementar medidas de seguridad adicionales en el sitio web, como firewalls de aplicaciones web (WAF) para detectar y bloquear posibles ataques CSRF.<\/div>\n<div>Es crucial que los usuarios de WordPress que utilicen el plugin ContentLock tomen medidas inmediatas para proteger sus sitios web de posibles ataques CSRF. Al seguir las recomendaciones mencionadas anteriormente, se puede reducir significativamente el riesgo de explotaci\u00f3n de esta vulnerabilidad.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>El plugin ContentLock para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en todas las versiones hasta, e incluyendo, la 1.0.3. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados agreguen un correo electr\u00f3nico a trav\u00e9s de una solicitud falsificada, siempre que puedan [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1840],"class_list":["post-4130","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6023"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ContentLock &lt;= 1.0.3 - CSRF para Agregar Correos Electr\u00f3nicos - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ContentLock &lt;= 1.0.3 - CSRF para Agregar Correos Electr\u00f3nicos - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin ContentLock para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en todas las versiones hasta, e incluyendo, la 1.0.3. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados agreguen un correo electr\u00f3nico a trav\u00e9s de una solicitud falsificada, siempre que puedan [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-21T15:45:48+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/\",\"url\":\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/\",\"name\":\"ContentLock &lt;= 1.0.3 - CSRF para Agregar Correos Electr\u00f3nicos - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-21T15:45:48+00:00\",\"dateModified\":\"2024-06-21T15:45:48+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ContentLock &lt;= 1.0.3 &#8211; CSRF para Agregar Correos Electr\u00f3nicos\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ContentLock &lt;= 1.0.3 - CSRF para Agregar Correos Electr\u00f3nicos - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/","og_locale":"en_US","og_type":"article","og_title":"ContentLock &lt;= 1.0.3 - CSRF para Agregar Correos Electr\u00f3nicos - SeguridadWordPress.es","og_description":"El plugin ContentLock para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en todas las versiones hasta, e incluyendo, la 1.0.3. Esto se debe a la falta o validaci\u00f3n incorrecta de nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados agreguen un correo electr\u00f3nico a trav\u00e9s de una solicitud falsificada, siempre que puedan [&hellip;]","og_url":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-21T15:45:48+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/","url":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/","name":"ContentLock &lt;= 1.0.3 - CSRF para Agregar Correos Electr\u00f3nicos - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-21T15:45:48+00:00","dateModified":"2024-06-21T15:45:48+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/contentlock-1-0-3-csrf-para-agregar-correos-electronicos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"ContentLock &lt;= 1.0.3 &#8211; CSRF para Agregar Correos Electr\u00f3nicos"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4130"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4130"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4130\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4130"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}