{"id":4604,"date":"2024-08-28T16:25:21","date_gmt":"2024-08-28T16:25:21","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/"},"modified":"2024-08-28T16:25:21","modified_gmt":"2024-08-28T16:25:21","slug":"vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/","title":{"rendered":"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2"},"content":{"rendered":"
El plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a la falta de verificaci\u00f3n de capacidad en la acci\u00f3n af2_handel_file_remove AJAX en todas las versiones hasta, e incluyendo, 3.7.3.2. Esto permite que atacantes no autenticados eliminen archivos de medios arbitrarios.<\/div>\n

<\/p>\n

La falta de autorizaci\u00f3n en el plugin Funnelforms Free <= 3.7.3.2 puede tener graves consecuencias, ya que un atacante sin autenticar podr\u00eda eliminar archivos multimedia importantes del sitio web. Para mitigar este riesgo, se recomienda a los usuarios actualizar el plugin a la versi\u00f3n m\u00e1s reciente disponible. Adem\u00e1s, es importante mantener siempre todos los plugins, temas y la propia plataforma de WordPress actualizados para reducir la exposici\u00f3n a vulnerabilidades conocidas.<\/div>\n
Dado que la vulnerabilidad CVE-2024-5857 en Funnelforms Free <= 3.7.3.2 puede ser aprovechada por atacantes no autenticados, es fundamental tomar medidas proactivas para proteger la integridad de los datos de su sitio web. Mantenerse al d\u00eda con las actualizaciones de seguridad y seguir buenas pr\u00e1cticas de gesti\u00f3n de plugins puede ayudar a prevenir posibles ataques.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a la falta de verificaci\u00f3n de capacidad en la acci\u00f3n af2_handel_file_remove AJAX en todas las versiones hasta, e incluyendo, 3.7.3.2. Esto permite que atacantes no […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2293],"class_list":["post-4604","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5857"],"yoast_head":"\nVulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a la falta de verificaci\u00f3n de capacidad en la acci\u00f3n af2_handel_file_remove AJAX en todas las versiones hasta, e incluyendo, 3.7.3.2. Esto permite que atacantes no […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-28T16:25:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/\",\"name\":\"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-08-28T16:25:21+00:00\",\"dateModified\":\"2024-08-28T16:25:21+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2 - SeguridadWordPress.es","og_description":"El plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a la falta de verificaci\u00f3n de capacidad en la acci\u00f3n af2_handel_file_remove AJAX en todas las versiones hasta, e incluyendo, 3.7.3.2. Esto permite que atacantes no […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-08-28T16:25:21+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/","name":"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-08-28T16:25:21+00:00","dateModified":"2024-08-28T16:25:21+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-autorizacion-perdida-en-funnelforms-free-3-7-3-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Autorizaci\u00f3n Perdida en Funnelforms Free <= 3.7.3.2"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4604"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4604"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4604\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4604"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}