{"id":5180,"date":"2024-10-31T09:45:15","date_gmt":"2024-10-31T09:45:15","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/"},"modified":"2024-10-31T09:45:15","modified_gmt":"2024-10-31T09:45:15","slug":"vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/","title":{"rendered":"Cross-Site Scripting (XSS) Vulnerability in SIP Reviews Shortcode for WooCommerce <= 1.2.3"},"content":{"rendered":"
The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘no_of_reviews’ attribute of the woocommerce_reviews shortcode in all versions up to and including 1.2.3, due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The vulnerability identified as CVE-2024-6480 in the SIP Reviews Shortcode for WooCommerce plugin <= 1.2.3 poses a security threat to WordPress users who rely on this plugin to display product reviews in their online stores. To remediate this issue, users are advised to update the plugin to the latest available version in which these vulnerabilities have been fixed. Users are also advised to keep all WordPress plugins and themes updated regularly, and to implement additional security practices such as limiting user permissions to reduce the attack surface.<\/div>\n
It is essential for WooCommerce site administrators and WordPress users to stay aware of security vulnerabilities in the plugins and themes used on their sites. Acting quickly to patch these vulnerabilities will help keep websites secure and protect their users' sensitive information.<\/div>\n","protected":false},"excerpt":{"rendered":"

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘no_of_reviews’ attribute of the woocommerce_reviews shortcode in all versions up to and including 1.2.3, due to insufficient input sanitization and output escaping on user-supplied attributes. This allows […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2868],"class_list":["post-5180","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6480"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin SIP Reviews Shortcode para WooCommerce en WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘no_of_reviews’ en el shortcode woocommerce_reviews en todas las versiones hasta, e incluyendo, la 1.2.3 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida en atributos proporcionados por el usuario. 
Esto permite a […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-31T09:45:15+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-10-31T09:45:15+00:00\",\"dateModified\":\"2024-10-31T09:45:15+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce 
<= 1.2.3\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3 - SeguridadWordPress.es","og_description":"El plugin SIP Reviews Shortcode para WooCommerce en WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo ‘no_of_reviews’ en el shortcode woocommerce_reviews en todas las versiones hasta, e incluyendo, la 1.2.3 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida en atributos proporcionados por el usuario. Esto permite a […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-10-31T09:45:15+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/","name":"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-10-31T09:45:15+00:00","dateModified":"2024-10-31T09:45:15+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-sip-reviews-shortcode-para-woocommerce-1-2-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting (XSS) en SIP Reviews Shortcode para WooCommerce <= 1.2.3"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/5180"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=5180"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/5180\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=5180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=5180"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=5180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}