{"id":4675,"date":"2024-09-05T19:25:17","date_gmt":"2024-09-05T19:25:17","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/"},"modified":"2024-09-05T19:25:17","modified_gmt":"2024-09-05T19:25:17","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6"},"content":{"rendered":"
El plugin WP AdCenter – Ad Manager & Adsense Ads para WordPress es vulnerable a ataques de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘ad_alignment’ en todas las versiones hasta, e incluyendo, la 2.5.6 debido a una sanitizaci\u00f3n insuficiente de la entrada y escapado de la salida. Esto permite a atacantes autenticados, con acceso de nivel Contribuidor y superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada.<\/div>\n

<\/p>\n

La vulnerabilidad de Cross-Site Scripting almacenado en el plugin WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6, con el ID CVE CVE-2024-8317, representa un riesgo para los sitios web que lo utilizan. Los usuarios deben aplicar de inmediato la \u00faltima versi\u00f3n del plugin, en este caso la 2.5.7, que corrige este problema de seguridad. Adem\u00e1s, se recomienda restringir los permisos de los usuarios para reducir el riesgo de exploits futuros.<\/div>\n
Es fundamental que los usuarios de WP AdCenter – Ad Manager & Adsense Ads actualicen a la versi\u00f3n 2.5.7 para mitigar el riesgo de ataques de Cross-Site Scripting almacenado. La seguridad de un sitio web es responsabilidad de todos los involucrados, por lo que se deben tomar medidas proactivas para proteger la integridad de la plataforma.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin WP AdCenter – Ad Manager & Adsense Ads para WordPress es vulnerable a ataques de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘ad_alignment’ en todas las versiones hasta, e incluyendo, la 2.5.6 debido a una sanitizaci\u00f3n insuficiente de la entrada y escapado de la salida. Esto permite a atacantes autenticados, con acceso de […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2367],"class_list":["post-4675","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-8317"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin WP AdCenter – Ad Manager & Adsense Ads para WordPress es vulnerable a ataques de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘ad_alignment’ en todas las versiones hasta, e incluyendo, la 2.5.6 debido a una sanitizaci\u00f3n insuficiente de la entrada y escapado de la salida. Esto permite a atacantes autenticados, con acceso de […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-05T19:25:17+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-09-05T19:25:17+00:00\",\"dateModified\":\"2024-09-05T19:25:17+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - SeguridadWordPress.es","og_description":"El plugin WP AdCenter – Ad Manager & Adsense Ads para WordPress es vulnerable a ataques de Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘ad_alignment’ en todas las versiones hasta, e incluyendo, la 2.5.6 debido a una sanitizaci\u00f3n insuficiente de la entrada y escapado de la salida. Esto permite a atacantes autenticados, con acceso de […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-09-05T19:25:17+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-09-05T19:25:17+00:00","dateModified":"2024-09-05T19:25:17+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-wp-adcenter-ad-manager-adsense-ads-2-5-6\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4675"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4675"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4675\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4675"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}