{"id":4546,"date":"2024-08-20T19:31:32","date_gmt":"2024-08-20T19:31:32","guid":{"rendered":"http:\/\/seguridadwordpress.es\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/"},"modified":"2024-08-20T19:31:32","modified_gmt":"2024-08-20T19:31:32","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/","title":{"rendered":"Stored Cross-Site Scripting vulnerability in Responsive Video <= 1.0 for WordPress"},"content":{"rendered":"
CVE-2024-7629 affects the Responsive Video plugin for WordPress up to and including version 1.0, allowing authenticated attackers with contributor-level access or higher to inject malicious scripts into pages that use responsive video.<\/div>\n

<\/p>\n

The stored Cross-Site Scripting vulnerability in the Responsive Video plugin for WordPress, up to and including version 1.0, stems from insufficient input sanitization and output escaping of user-supplied attributes in the plugin's video settings function. This allows an authenticated attacker to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page. To mitigate this issue, users are advised to keep the plugin updated to the latest available version and to restrict contributor-level or higher access to sensitive functions of the website.<\/div>\n
Vulnerabilities such as this one in Responsive Video <= 1.0 show the importance of keeping WordPress plugins up to date and restricting user privileges on critical functions. By following good security practices, users can significantly reduce the risk of Cross-Site Scripting attacks and protect the integrity of their websites.<\/div>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-7629 affects the Responsive Video plugin for WordPress up to and including version 1.0, allowing authenticated attackers with contributor-level access or higher to inject malicious scripts into pages that use responsive video. The stored Cross-Site Scripting vulnerability in the Responsive Video plugin for WordPress, up to and including version 1.0, stems from insufficient sanitization […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2240],"class_list":["post-4546","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-7629"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-7629 afecta al plugin de WordPress Responsive Video hasta la versi\u00f3n 1.0, permitiendo a atacantes autenticados con acceso de contribuidor o superior inyectar scripts maliciosos en p\u00e1ginas habilitadas para videos responsivos. 
La vulnerabilidad de Cross-Site Scripting almacenado en el plugin Responsive Video para WordPress hasta la versi\u00f3n 1.0 radica en la insuficiente sanitizaci\u00f3n […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-20T19:31:32+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-08-20T19:31:32+00:00\",\"dateModified\":\"2024-08-20T19:31:32+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-7629 afecta al plugin de WordPress Responsive Video hasta la versi\u00f3n 1.0, permitiendo a atacantes autenticados con acceso de contribuidor o superior inyectar scripts maliciosos en p\u00e1ginas habilitadas para videos responsivos. La vulnerabilidad de Cross-Site Scripting almacenado en el plugin Responsive Video para WordPress hasta la versi\u00f3n 1.0 radica en la insuficiente sanitizaci\u00f3n […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-08-20T19:31:32+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-08-20T19:31:32+00:00","dateModified":"2024-08-20T19:31:32+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-responsive-video-1-0-para-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en Responsive Video <= 1.0 para WordPress"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4546"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4546"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4546\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4546"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}