{"id":4610,"date":"2024-08-28T22:25:07","date_gmt":"2024-08-28T22:25:07","guid":{"rendered":"http:\/\/127.0.0.1\/vikinghammer-tweet-0-2-4-cross-site-request-forgery-a-cross-site-scripting-almacenado\/"},"modified":"2024-08-28T22:25:07","modified_gmt":"2024-08-28T22:25:07","slug":"vikinghammer-tweet-0-2-4-cross-site-request-forgery-a-cross-site-scripting-almacenado","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vikinghammer-tweet-0-2-4-cross-site-request-forgery-a-cross-site-scripting-almacenado\/","title":{"rendered":"Vikinghammer Tweet <= 0.2.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting"},"content":{"rendered":"
The Vikinghammer Tweet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.<\/div>\n

<\/p>\n

To remediate this issue, users affected by this vulnerability in the Vikinghammer Tweet plugin should make sure to update to the latest available version, since developers usually release security fixes in updates. In addition, it is recommended to implement additional security measures on the site, such as configuring web application firewalls, using security plugins, and following WordPress security best practices.<\/div>\n
It is crucial to stay aware of security vulnerabilities and threats in WordPress plugins and to act quickly to protect websites. Keeping up with the latest updates and following security best practices can help prevent cyberattacks and protect the integrity of sites.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Vikinghammer Tweet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2299],"class_list":["post-4610","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-8043"],"yoast_head_json":{"og_site_name":"SeguridadWordPress.es"}}