{"id":4628,"date":"2024-08-29T20:25:09","date_gmt":"2024-08-29T20:25:09","guid":{"rendered":"http:\/\/127.0.0.1\/tourfic-2-11-20-vulnerabilidad-de-cross-site-request-forgery-en-multiples-funciones\/"},"modified":"2024-08-29T20:25:09","modified_gmt":"2024-08-29T20:25:09","slug":"tourfic-2-11-20-vulnerabilidad-de-cross-site-request-forgery-en-multiples-funciones","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/tourfic-2-11-20-vulnerabilidad-de-cross-site-request-forgery-en-multiples-funciones\/","title":{"rendered":"Tourfic <= 2.11.20 – Vulnerabilidad de Cross-Site Request Forgery en M\u00faltiples Funciones"},"content":{"rendered":"
<\/p>\n
El plugin Tourfic para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta, e incluyendo, la 2.11.20. Esta vulnerabilidad se debe a la falta o validaci\u00f3n incorrecta de nonce en las funciones tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids y tf_delete_old_review_fields. Esto permite a atacantes no autenticados reenviar correos electr\u00f3nicos de estado de […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2317],"class_list":["post-4628","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-8319"],"yoast_head":"\n