{"id":4473,"date":"2024-08-13T21:31:14","date_gmt":"2024-08-13T21:31:14","guid":{"rendered":"http:\/\/seguridadwordpress.es\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-dashboard-notes-1-0-11\/"},"modified":"2024-08-13T21:31:14","modified_gmt":"2024-08-13T21:31:14","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-dashboard-notes-1-0-11","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-dashboard-notes-1-0-11\/","title":{"rendered":"Stored Cross-Site Scripting Vulnerability in WP Dashboard Notes <= 1.0.11"},"content":{"rendered":"
The WP Dashboard Notes plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to and including 1.0.11, due to insufficient input sanitization and output escaping. This allows authenticated attackers with subscriber-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user visits an injected page.<\/div>\n

<\/p>\n

The CVE-2024-43226 vulnerability in the WP Dashboard Notes plugin allows attackers to store malicious scripts in dashboard notes, which can lead to code execution in the browsers of affected users. To mitigate this risk, users are advised to update the plugin to the latest available version, in this case 1.0.12, which fixes the vulnerability. In addition, it is recommended not to blindly trust dashboard notes and to validate user input before displaying it.<\/div>\n
It is vital that administrators of websites using the WP Dashboard Notes plugin are aware of this vulnerability and take immediate action to reduce the risk of exploitation. Keeping all plugins and themes up to date, and educating users about good security practices, are key steps in protecting a WordPress site.<\/div>\n","protected":false},"excerpt":{"rendered":"

The WP Dashboard Notes plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to and including 1.0.11, due to insufficient input sanitization and output escaping. This allows authenticated attackers with subscriber-level access or higher to inject arbitrary web scripts into pages that will execute when a user […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2170],"class_list":["post-4473","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-43226"],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4473"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4473"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4473\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4473"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}