{"id":4376,"date":"2024-07-26T21:15:17","date_gmt":"2024-07-26T21:15:17","guid":{"rendered":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/"},"modified":"2024-07-26T21:15:17","modified_gmt":"2024-07-26T21:15:17","slug":"campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/","title":{"rendered":"Campaign Monitor for WordPress <= 2.8.15 – Divulgaci\u00f3n de Ruta Completa no Autenticada"},"content":{"rendered":"
El plugin Campaign Monitor for WordPress para WordPress es vulnerable a una Divulgaci\u00f3n de Ruta Completa en todas las versiones hasta, e incluyendo, la 2.8.15. Esto se debe a que el plugin no restringe adecuadamente el acceso directo a \/forms\/views\/admin\/create.php y display_errors est\u00e1 habilitado. Esto hace posible que atacantes no autenticados puedan recuperar la ruta completa de la aplicaci\u00f3n web, lo cual puede ser utilizado para facilitar otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola, y requiere que otra vulnerabilidad est\u00e9 presente para causar da\u00f1o a un sitio web afectado.<\/div>\n

<\/p>\n

Para subsanar este problema, se recomienda a los usuarios actualizar su plugin Campaign Monitor for WordPress a la \u00faltima versi\u00f3n disponible. Adem\u00e1s, se recomienda deshabilitar la visualizaci\u00f3n de errores en el entorno de producci\u00f3n para evitar posibles divulgaciones de informaci\u00f3n sensible. Es importante mantener todos los plugins y temas de WordPress actualizados para protegerse contra posibles vulnerabilidades conocidas.<\/div>\n
Es crucial tomar medidas proactivas para proteger la seguridad de tu sitio web WordPress. Manteniendo tus plugins y temas actualizados, as\u00ed como deshabilitando la visualizaci\u00f3n de errores, puedes reducir el riesgo de sufrir ataques basados en la divulgaci\u00f3n de informaci\u00f3n de ruta completa no autenticada.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin Campaign Monitor for WordPress para WordPress es vulnerable a una Divulgaci\u00f3n de Ruta Completa en todas las versiones hasta, e incluyendo, la 2.8.15. Esto se debe a que el plugin no restringe adecuadamente el acceso directo a \/forms\/views\/admin\/create.php y display_errors est\u00e1 habilitado. Esto hace posible que atacantes no autenticados puedan recuperar la ruta […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2084],"class_list":["post-4376","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6569"],"yoast_head":"\nCampaign Monitor for WordPress <= 2.8.15 - Divulgaci\u00f3n de Ruta Completa no Autenticada - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Campaign Monitor for WordPress <= 2.8.15 - Divulgaci\u00f3n de Ruta Completa no Autenticada - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Campaign Monitor for WordPress para WordPress es vulnerable a una Divulgaci\u00f3n de Ruta Completa en todas las versiones hasta, e incluyendo, la 2.8.15. Esto se debe a que el plugin no restringe adecuadamente el acceso directo a \/forms\/views\/admin\/create.php y display_errors est\u00e1 habilitado. Esto hace posible que atacantes no autenticados puedan recuperar la ruta […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-26T21:15:17+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/\",\"url\":\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/\",\"name\":\"Campaign Monitor for WordPress <= 2.8.15 - Divulgaci\u00f3n de Ruta Completa no Autenticada - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-26T21:15:17+00:00\",\"dateModified\":\"2024-07-26T21:15:17+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Campaign Monitor for WordPress <= 2.8.15 – Divulgaci\u00f3n de Ruta Completa no Autenticada\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Campaign Monitor for WordPress <= 2.8.15 - Divulgaci\u00f3n de Ruta Completa no Autenticada - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/","og_locale":"en_US","og_type":"article","og_title":"Campaign Monitor for WordPress <= 2.8.15 - Divulgaci\u00f3n de Ruta Completa no Autenticada - SeguridadWordPress.es","og_description":"El plugin Campaign Monitor for WordPress para WordPress es vulnerable a una Divulgaci\u00f3n de Ruta Completa en todas las versiones hasta, e incluyendo, la 2.8.15. Esto se debe a que el plugin no restringe adecuadamente el acceso directo a \/forms\/views\/admin\/create.php y display_errors est\u00e1 habilitado. Esto hace posible que atacantes no autenticados puedan recuperar la ruta […]","og_url":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-26T21:15:17+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/","url":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/","name":"Campaign Monitor for WordPress <= 2.8.15 - Divulgaci\u00f3n de Ruta Completa no Autenticada - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-26T21:15:17+00:00","dateModified":"2024-07-26T21:15:17+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/campaign-monitor-for-wordpress-2-8-15-divulgacion-de-ruta-completa-no-autenticada\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Campaign Monitor for WordPress <= 2.8.15 – Divulgaci\u00f3n de Ruta Completa no Autenticada"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4376"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4376"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4376\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4376"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}