{"id":4548,"date":"2024-08-20T19:31:42","date_gmt":"2024-08-20T19:31:42","guid":{"rendered":"http:\/\/seguridadwordpress.es\/plugin-wp-testimonial-widget-3-0-falta-de-autorizacion\/"},"modified":"2024-08-20T19:31:42","modified_gmt":"2024-08-20T19:31:42","slug":"plugin-wp-testimonial-widget-3-0-falta-de-autorizacion","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/plugin-wp-testimonial-widget-3-0-falta-de-autorizacion\/","title":{"rendered":"WP Testimonial Widget Plugin <= 3.0 – Missing Authorization"},"content":{"rendered":"
The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials.<\/div>\n

<\/p>\n

Users can remediate this issue by keeping the plugin updated to the latest available version. It is also recommended to restrict access to the WordPress administration panel to trusted users only, to reduce the risk of attacks of this kind. Additionally, deploying a security plugin that continuously monitors installed plugins for possible vulnerabilities can help prevent future security problems.<\/div>\n
It is essential for WordPress users to stay informed about possible vulnerabilities in popular plugins such as WP Testimonial Widget and to take the necessary measures to protect their websites against cyberattacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials. Users can remediate […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2241],"class_list":["post-4548","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-7390"],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4548"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4548"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4548\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4548"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}