{"id":4351,"date":"2024-07-23T19:45:08","date_gmt":"2024-07-23T19:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/"},"modified":"2024-07-23T19:45:08","modified_gmt":"2024-07-23T19:45:08","slug":"the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/","title":{"rendered":"The Events Calendar <= 6.5.2 – Unauthenticated Cross-Site Scripting"},"content":{"rendered":"
The Events Calendar plugin for WordPress is vulnerable to stored Cross-Site Scripting in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

This security issue, identified as CVE-2024-6931, puts at risk the integrity of websites that use The Events Calendar plugin. To mitigate this vulnerability, users are advised to update the plugin to a version later than 6.5.2 that contains a fix for this issue. In addition, website administrators are advised to thoroughly review user-submitted input to identify and remove any embedded malicious scripts.<\/div>\n
It is essential to keep all WordPress plugins and themes up to date to avoid potential security vulnerabilities, as in the case of The Events Calendar plugin. The security of a website is the responsibility of all its users, so stay alert to the updates and security recommendations provided by plugin and theme developers.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Events Calendar plugin for WordPress is vulnerable to stored Cross-Site Scripting in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute whenever a user accesses an […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2059],"class_list":["post-4351","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6931"],"yoast_head":"\nThe Events Calendar <= 6.5.2 - Cross-Site Scripting sin Autenticaci\u00f3n - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Events Calendar <= 6.5.2 - Cross-Site Scripting sin Autenticaci\u00f3n - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin The Events Calendar para WordPress es vulnerable a Cross-Site Scripting almacenado en todas las versiones hasta, e incluyendo, la 6.5.2 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas. 
Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-23T19:45:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/\",\"url\":\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/\",\"name\":\"The Events Calendar <= 6.5.2 - Cross-Site Scripting sin Autenticaci\u00f3n - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-23T19:45:08+00:00\",\"dateModified\":\"2024-07-23T19:45:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Events Calendar <= 6.5.2 – Cross-Site Scripting sin 
Autenticaci\u00f3n\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Events Calendar <= 6.5.2 - Cross-Site Scripting sin Autenticaci\u00f3n - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/","og_locale":"en_US","og_type":"article","og_title":"The Events Calendar <= 6.5.2 - Cross-Site Scripting sin Autenticaci\u00f3n - SeguridadWordPress.es","og_description":"El plugin The Events Calendar para WordPress es vulnerable a Cross-Site Scripting almacenado en todas las versiones hasta, e incluyendo, la 6.5.2 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una […]","og_url":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-23T19:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/","url":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/","name":"The Events Calendar <= 6.5.2 - Cross-Site Scripting sin Autenticaci\u00f3n - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-23T19:45:08+00:00","dateModified":"2024-07-23T19:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/the-events-calendar-6-5-2-cross-site-scripting-sin-autenticacion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"The Events Calendar <= 6.5.2 – Cross-Site Scripting sin Autenticaci\u00f3n"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4351"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4351"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4351\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4351"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}