CSIRT Panamá Advisory 2020-02-19: Critical issue in the WordPress ThemeGrill Demo Importer plugin

Severity: High
Publication date: 19 February 2020
Source: https://thehackernews.com/
        https://www.webarxsecurity.com/

Affected systems
ThemeGrill Demo Importer versions 1.3.4 through 1.6.1

I. Description
A popular WordPress theme plugin with more than 200,000 active installations contains a severe but easy-to-exploit software vulnerability which, if left unpatched, could allow unauthenticated remote attackers to compromise a wide range of websites and blogs.
The flaw could ultimately allow unauthenticated remote attackers to wipe the entire database of targeted websites back to its default state, after which they would also be logged in automatically as administrator, giving them full control of the sites.

II. Solution
It is recommended to download the patched version, 1.6.2, from the following link:
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2245070%40themegrill-demo-importer%2Ftrunk&old=2190304%40themegrill-demo-importer%2Ftrunk&sfp_email=&sfph_mail=

III. References to solutions, tools and information
https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html?m=1
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/

IV. Contact information
CSIRT PANAMA
Autoridad Nacional para la Innovación Gubernamental
E-Mail: info@cert.pa
Web: http://www.cert.pa
Your digital life on the internet