{"id":4197,"date":"2024-07-02T16:45:11","date_gmt":"2024-07-02T16:45:11","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/"},"modified":"2024-07-02T16:45:11","modified_gmt":"2024-07-02T16:45:11","slug":"vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/","title":{"rendered":"Vulnerability in Snippet Shortcodes Plugin <= 4.1.4 – Cross-Site Request Forgery"},"content":{"rendered":"
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This vulnerability is due to missing or incorrect nonce validation when adding or editing shortcodes. This allows unauthenticated attackers to modify shortcodes via a forged request, provided they can trick a site administrator into performing an action such as clicking a link.<\/div>\n

<\/p>\n

Users affected by this vulnerability in the Snippet Shortcodes plugin <= 4.1.4 should update to the latest available version as soon as possible to mitigate the risk of CSRF attacks. In addition, site administrators are advised to implement additional security measures such as restricting access to the administration area by IP address, using additional security plugins that reinforce nonce validation, and raising user awareness of the security risks of interacting with external links or requests.<\/div>\n
It is essential to keep all WordPress plugins and themes up to date to protect against known vulnerabilities such as this one in the Snippet Shortcodes plugin. Security in WordPress is the responsibility of all users, so it is recommended to stay informed about the latest security updates and follow good practices for protecting the site.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This vulnerability is due to missing or incorrect nonce validation when adding or editing shortcodes. This allows unauthenticated attackers to modify shortcodes via a forged request, provided […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1905],"class_list":["post-4197","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4543"],
"yoast_head_json":{"title":"Vulnerability in Snippet Shortcodes Plugin <= 4.1.4 - Cross-Site Request Forgery - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability in Snippet Shortcodes Plugin <= 4.1.4 - Cross-Site Request Forgery - SeguridadWordPress.es","og_description":"The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This vulnerability is due to missing or incorrect nonce validation when adding or editing shortcodes. This allows unauthenticated attackers to modify shortcodes via a forged request, provided […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-02T16:45:11+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/","name":"Vulnerability in Snippet Shortcodes Plugin <= 4.1.4 - Cross-Site Request Forgery - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-02T16:45:11+00:00","dateModified":"2024-07-02T16:45:11+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-plugin-snippet-shortcodes-4-1-4-cross-site-request-forgery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerability in Snippet Shortcodes Plugin <= 4.1.4 – Cross-Site Request Forgery"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},
"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4197"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4197"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4197\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4197"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}