{"id":4620,"date":"2024-08-29T16:25:08","date_gmt":"2024-08-29T16:25:08","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/"},"modified":"2024-08-29T16:25:08","modified_gmt":"2024-08-29T16:25:08","slug":"vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress"},"content":{"rendered":"
El plugin HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘url’ del Widget de Reuniones de HubSpot en todas las versiones hasta, e incluyendo, 11.1.22. Esto permite a atacantes autenticados, con acceso de Contribuidor y superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina inyectada.<\/div>\n

<\/p>\n

La vulnerabilidad de Cross-Site Scripting almacenado en el plugin HubSpot para WordPress (CVE-2024-5879) se produce debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Los atacantes pueden aprovechar esta falla para inyectar scripts maliciosos en las p\u00e1ginas de un sitio web utilizando el Widget de Reuniones de HubSpot. Para mitigar este riesgo, se recomienda a los usuarios actualizar el plugin a la versi\u00f3n m\u00e1s reciente disponible y revisar continuamente la seguridad de su sitio WordPress.<\/div>\n
Es crucial que los administradores de sitios web que utilizan el plugin HubSpot para WordPress est\u00e9n al tanto de esta vulnerabilidad de seguridad y tomen medidas para proteger sus sitios. Mantener todos los plugins y temas actualizados, implementar medidas de seguridad adicionales y realizar auditor\u00edas de seguridad peri\u00f3dicas son buenas pr\u00e1cticas para mantener la integridad de un sitio web WordPress.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘url’ del Widget de Reuniones de HubSpot en todas las versiones hasta, e incluyendo, 11.1.22. Esto permite a atacantes autenticados, con acceso de Contribuidor y superior, inyectar scripts web arbitrarios […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2309],"class_list":["post-4620","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5879"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘url’ del Widget de Reuniones de HubSpot en todas las versiones hasta, e incluyendo, 11.1.22. Esto permite a atacantes autenticados, con acceso de Contribuidor y superior, inyectar scripts web arbitrarios […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-29T16:25:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-08-29T16:25:08+00:00\",\"dateModified\":\"2024-08-29T16:25:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress - SeguridadWordPress.es","og_description":"El plugin HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘url’ del Widget de Reuniones de HubSpot en todas las versiones hasta, e incluyendo, 11.1.22. Esto permite a atacantes autenticados, con acceso de Contribuidor y superior, inyectar scripts web arbitrarios […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-08-29T16:25:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/","name":"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-08-29T16:25:08+00:00","dateModified":"2024-08-29T16:25:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-hubspot-para-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en el plugin HubSpot para WordPress"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4620"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4620"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4620\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4620"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}