{"id":4195,"date":"2024-07-01T23:45:30","date_gmt":"2024-07-01T23:45:30","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/"},"modified":"2024-07-01T23:45:30","modified_gmt":"2024-07-01T23:45:30","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/","title":{"rendered":"Stored Cross-Site Scripting Vulnerability in Post Meta Data Manager <= 1.2.3"},"content":{"rendered":"
CVE-2024-6264, a stored Cross-Site Scripting (XSS) vulnerability, affects the Post Meta Data Manager plugin for WordPress in versions up to 1.2.3. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious web scripts into pages, which will execute when a user accesses that page.<\/div>\n

<\/p>\n

The lack of input sanitization and output escaping on the ‘$meta_key’ parameter of the Post Meta Data Manager plugin makes stored XSS attacks possible. To mitigate this vulnerability, users are advised to update the plugin to the latest available version, in this case version 1.2.4. In addition, site administrators are advised to limit the access granted to user roles and to implement a solid security policy to prevent future attacks of this kind.<\/div>\n
It is essential to keep all WordPress plugins and themes up to date to protect against known vulnerabilities such as the stored XSS in the Post Meta Data Manager plugin. The security of a website is the responsibility of everyone involved, so it is important to take proactive measures to protect information and users.<\/div>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-6264, a stored Cross-Site Scripting (XSS) vulnerability, affects the Post Meta Data Manager plugin for WordPress in versions up to 1.2.3. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious web scripts into pages, which will execute when a user accesses that page. The lack of […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1903],"class_list":["post-4195","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6264"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-6264, conocida como Cross-Site Scripting (XSS) almacenado, afecta al plugin Post Meta Data Manager para WordPress en versiones hasta la 1.2.3. Esta vulnerabilidad permite a atacantes autenticados con nivel de acceso Contributor o superior inyectar scripts web maliciosos en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a dicha p\u00e1gina. 
La falta de […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-01T23:45:30+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-01T23:45:30+00:00\",\"dateModified\":\"2024-07-01T23:45:30+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 
1.2.3\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3 - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-6264, conocida como Cross-Site Scripting (XSS) almacenado, afecta al plugin Post Meta Data Manager para WordPress en versiones hasta la 1.2.3. Esta vulnerabilidad permite a atacantes autenticados con nivel de acceso Contributor o superior inyectar scripts web maliciosos en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a dicha p\u00e1gina. La falta de […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-01T23:45:30+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-01T23:45:30+00:00","dateModified":"2024-07-01T23:45:30+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-post-meta-data-manager-1-2-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en Post Meta Data Manager <= 1.2.3"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4195"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4195"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4195\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4195"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}