{"id":4396,"date":"2024-07-31T18:15:09","date_gmt":"2024-07-31T18:15:09","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/"},"modified":"2024-07-31T18:15:09","modified_gmt":"2024-07-31T18:15:09","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2"},"content":{"rendered":"
El plugin Breakdance para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro breakdance_css_file_paths_cache en todas las versiones hasta, e incluyendo, la 1.7.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes autenticados, con acceso de nivel Contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina infectada.<\/div>\n

<\/p>\n

Para mitigar esta vulnerabilidad, se recomienda a los usuarios actualizar el plugin Breakdance a la versi\u00f3n 1.7.3 o posterior, ya que el desarrollador ha proporcionado un parche para corregir esta falla de seguridad. Adem\u00e1s, se aconseja a los administradores del sitio estar atentos a posibles signos de explotaci\u00f3n de la vulnerabilidad y realizar an\u00e1lisis de c\u00f3digo peri\u00f3dicos para detectar posibles vulnerabilidades en los plugins utilizados.<\/div>\n
La seguridad en WordPress es fundamental para proteger la integridad de un sitio web. Mantener tanto el software de WordPress como sus plugins actualizados es esencial para reducir el riesgo de ser v\u00edctima de ataques como el Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin Breakdance para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro breakdance_css_file_paths_cache en todas las versiones hasta, e incluyendo, la 1.7.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes autenticados, con acceso de nivel Contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2103],"class_list":["post-4396","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5330"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Breakdance para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro breakdance_css_file_paths_cache en todas las versiones hasta, e incluyendo, la 1.7.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes autenticados, con acceso de nivel Contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-31T18:15:09+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-31T18:15:09+00:00\",\"dateModified\":\"2024-07-31T18:15:09+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2 - SeguridadWordPress.es","og_description":"El plugin Breakdance para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro breakdance_css_file_paths_cache en todas las versiones hasta, e incluyendo, la 1.7.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes autenticados, con acceso de nivel Contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-31T18:15:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-31T18:15:09+00:00","dateModified":"2024-07-31T18:15:09+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-el-plugin-breakdance-1-7-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en el plugin Breakdance <= 1.7.2"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4396"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4396"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4396\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4396"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}