{"id":3367,"date":"2023-05-19T19:09:56","date_gmt":"2023-05-20T00:09:56","guid":{"rendered":"https:\/\/cert.pa\/?p=3367"},"modified":"2023-05-19T19:10:07","modified_gmt":"2023-05-20T00:10:07","slug":"actualizacion-de-seguridad-6-2-1-para-wordpress","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3367","title":{"rendered":"WordPress 6.2.1 security update"},"content":{"rendered":"\n<p>Severity: High&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Affected Systems:<\/strong><\/p>\n\n\n\n<p>WordPress, versions prior to 6.2.1.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>I<\/strong>. <strong>Description<\/strong><\/p>\n\n\n\n<p>The latest version of WordPress has been released, containing security fixes.<\/p>\n\n\n\n<p>The reported security vulnerabilities are of the following types:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>block themes parsing shortcodes in user-generated data,<\/li>\n\n\n\n<li>CSRF associated with updating attachment thumbnails,<\/li>\n\n\n\n<li>XSS via&nbsp;<em>open embed auto discovery<\/em>,<\/li>\n\n\n\n<li>bypass of KSES sanitization in block attributes for low-privileged users,<\/li>\n\n\n\n<li>improper limitation of a pathname to a restricted directory (<em>path traversal<\/em>) via translation files.<\/li>\n<\/ul>\n\n\n\n<p><strong>III. 
Reference to solutions, tools and information<\/strong><\/p>\n\n\n\n<p>You can&nbsp;<a href=\"https:\/\/wordpress.org\/wordpress-6.2.1.zip\">download WordPress 6.2.1 from WordPress.org<\/a>, or visit your WordPress dashboard, click &#8220;Updates&#8221; and then click &#8220;Update Now&#8221;.<\/p>\n\n\n\n<p><strong>Sources:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-wordpress-news wp-block-embed-wordpress-news\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"GQxxfTrTlb\"><a href=\"https:\/\/wordpress.org\/news\/2023\/05\/wordpress-6-2-1-maintenance-security-release\/\">WordPress 6.2.1 Maintenance &amp; Security Release<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;WordPress 6.2.1 Maintenance &amp; Security Release&#8221; &#8212; WordPress News\" src=\"https:\/\/wordpress.org\/news\/2023\/05\/wordpress-6-2-1-maintenance-security-release\/embed\/#?secret=8vtRagcouw#?secret=GQxxfTrTlb\" data-secret=\"GQxxfTrTlb\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><a href=\"https:\/\/www.incibe.es\/incibe-cert\/alerta-temprana\/avisos\/actualizacion-de-seguridad-621-para-wordpress\">https:\/\/www.incibe.es\/incibe-cert\/alerta-temprana\/avisos\/actualizacion-de-seguridad-621-para-wordpress<\/a><\/p>\n\n\n\n<p><strong>Contact information<\/strong><br>CSIRT PANAMA<br>Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br>E-Mail: info@cert.pa<br>Phone: +507 520-CERT (2378)<br>Web: https:\/\/cert.pa<br>Twitter: @CSIRTPanama<br>Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Severity: High&nbsp;&nbsp; Affected Systems: 
WordPress, versions prior to 6.2.1. I. Description The latest version of WordPress has been released, containing security fixes. The reported security vulnerabilities are of the following types: block&#8230;<\/p>\n","protected":false},"author":4,"featured_media":846,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3367","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3367"}],"version-history":[{"count":2,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3367\/revisions"}],"predecessor-version":[{"id":3369,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3367\/revisions\/3369"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/846"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ce
rt.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}