{"id":4176,"date":"2024-07-01T14:45:13","date_gmt":"2024-07-01T14:45:13","guid":{"rendered":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/"},"modified":"2024-07-01T14:45:13","modified_gmt":"2024-07-01T14:45:13","slug":"boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/","title":{"rendered":"Boot Store <= 1.6.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode"},"content":{"rendered":"
The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button Shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

Users affected by this vulnerability should update their Boot Store theme to version 1.6.5 or later to mitigate the risk of Cross-Site Scripting attacks. In addition, users are advised to monitor their website continuously for any suspicious activity and to configure additional security measures such as firewalls and regular security scans to protect against possible threats.<\/div>\n
The importance of keeping WordPress themes and plugins up to date should not be underestimated, as these updates often contain patches for known vulnerabilities that could be exploited by malicious actors. By taking proactive measures to protect your website, you can significantly reduce the risk of a security compromise and ensure the integrity of your online content.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button Shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with access at the level of […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1886],"class_list":["post-4176","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5938"],"yoast_head":"\nBoot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button Shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. 
This allows authenticated attackers, with access at the level of […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-01T14:45:13+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/\",\"url\":\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/\",\"name\":\"Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-01T14:45:13+00:00\",\"dateModified\":\"2024-07-01T14:45:13+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Boot Store <= 1.6.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Compilation of WordPress vulnerabilities.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/","og_locale":"en_US","og_type":"article","og_title":"Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode - SeguridadWordPress.es","og_description":"The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button Shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with access at the level of […]","og_url":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-01T14:45:13+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/","url":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/","name":"Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-01T14:45:13+00:00","dateModified":"2024-07-01T14:45:13+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/boot-store-1-6-4-cross-site-scripting-por-almacenamiento-autenticado-contributor-a-traves-del-shortcode-de-boton\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Boot Store <= 1.6.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4176"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4176"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4176\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4176"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}