{"id":4598,"date":"2024-08-28T00:25:07","date_gmt":"2024-08-28T00:25:07","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/"},"modified":"2024-08-28T00:25:07","modified_gmt":"2024-08-28T00:25:07","slug":"vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/","title":{"rendered":"Vulnerability in Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 – Missing Authorization for Unauthenticated Arbitrary Media Upload"},"content":{"rendered":"
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘fnsf_af2_handel_file_upload’ function in all versions up to, and including, 3.7.3.2. This allows unauthenticated attackers to upload arbitrary media to the site, even if no forms exist.<\/div>\n

<\/p>\n

The missing authorization in the Funnelforms Free plugin can be exploited by unauthenticated attackers to upload any type of file to the website, which can result in the insertion of malicious or compromised content. To mitigate this risk, users are advised to update the plugin to the latest available version as soon as possible. In addition, any suspicious activity on the website should be closely monitored, and access to the ‘fnsf_af2_handel_file_upload’ function should be restricted to authorized users only.<\/div>\n
It is crucial for the security of your website that users apply the relevant WordPress plugin and theme updates in a timely manner. Taking these preventive measures can significantly reduce the risk of attackers exploiting known vulnerabilities to compromise the integrity of your site.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘fnsf_af2_handel_file_upload’ function in all versions up to, and including, 3.7.3.2. This allows attackers who are not […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2287],"class_list":["post-4598","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-7447"],"yoast_head_json":{"title":"Vulnerability in Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free <= 3.7.3.2 - Missing Authorization for Unauthenticated Arbitrary Media Upload - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability in Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free <= 3.7.3.2 - Missing Authorization for Unauthenticated Arbitrary Media Upload - SeguridadWordPress.es","og_description":"The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘fnsf_af2_handel_file_upload’ function in all versions up to, and including, 3.7.3.2. This allows attackers who are not […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-08-28T00:25:07+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/","name":"Vulnerability in Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free <= 3.7.3.2 - Missing Authorization for Unauthenticated Arbitrary Media Upload - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-08-28T00:25:07+00:00","dateModified":"2024-08-28T00:25:07+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-en-interactive-contact-form-and-multi-step-form-builder-con-editor-de-arrastrar-y-soltar-funnelforms-free-3-7-3-2-autorizacion-faltante-para-carga-de-medios-arbitrarios-no-aut\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerability in Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 – Missing Authorization for Unauthenticated Arbitrary Media Upload"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4598"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4598"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4598\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4598"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}