{"id":10469,"date":"2025-03-18T14:09:32","date_gmt":"2025-03-18T19:09:32","guid":{"rendered":"https:\/\/beaconlab.us\/?post_type=publicacion&#038;p=10469"},"modified":"2025-03-18T14:09:33","modified_gmt":"2025-03-18T19:09:33","slug":"alerta-2025-21-vulnerabilidad-critica-en-plugin-woocommerce-de-wp","status":"publish","type":"publicacion","link":"https:\/\/beaconlab.us\/es\/publicacion\/alerta-2025-21-vulnerabilidad-critica-en-plugin-woocommerce-de-wp\/","title":{"rendered":"Alert 2025-21 Critical vulnerability in WP WooCommerce plugin"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Affected product(s):&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HUSKY \u2013 WooCommerce Products Filter Professional &lt;= 1.3.6.5<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n\n\n<p>A critical security flaw has been discovered in the WordPress CMS plugin&nbsp;HUSKY \u2013 WooCommerce Products Filter Professional (WOOF). Identified as CVE-2025-1661, with a critical CVSS score of 9.8, it allows unauthenticated attackers to execute arbitrary files on affected servers, which could lead to data leaks, website defacement, and full control of the system.<\/p>\n\n\n\n<p>The vulnerable plugin, designed to improve WooCommerce product filtering, has a Local File Inclusion (LFI)&nbsp;vulnerability&nbsp;in versions up to and including 1.3.6.5. 
This critical flaw resides in the \u201ctemplate\u201d parameter of the \u201cwoof_text_search\u201d AJAX action, which allows malicious attackers to inject and execute any PHP code present on the server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution<\/h2>\n\n\n\n<p>The plugin vendor has released a security patch and recommends updating the plugin to version 1.3.6.6 at the following link:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-plugin-directory wp-block-embed-plugin-directory\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"1lyygbmhRA\"><a href=\"https:\/\/wordpress.org\/plugins\/woocommerce-products-filter\/\">HUSKY &#8211; Products Filter Professional for WooCommerce<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"&#8220;HUSKY &#8211; Products Filter Professional for WooCommerce&#8221; &#8212; Plugin Directory\" src=\"https:\/\/wordpress.org\/plugins\/woocommerce-products-filter\/embed\/#?secret=daKAmdGTkc#?secret=1lyygbmhRA\" data-secret=\"1lyygbmhRA\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">Additional information:<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-cybersecurity-news wp-block-embed-cybersecurity-news\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"ZWsB3aMNQd\"><a href=\"https:\/\/securityonline.info\/critical-flaw-exposes-100000-woocommerce-sites-unauthenticated-file-inclusion-threatens-total-takeover\/\">Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover<\/a><\/blockquote><iframe 
class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"&#8220;Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover&#8221; &#8212; Cybersecurity News\" src=\"https:\/\/securityonline.info\/critical-flaw-exposes-100000-woocommerce-sites-unauthenticated-file-inclusion-threatens-total-takeover\/embed\/#?secret=jF1dWnrATj#?secret=ZWsB3aMNQd\" data-secret=\"ZWsB3aMNQd\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n","protected":false},"featured_media":10470,"template":"","class_list":["post-10469","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry"],"acf":{"activar_pdf_link":true,"pdf":10472,"numero_de_boletin":"21","traffic_light_protocol":"White"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/types\/publicacion"}],"version-history":[{"count":1,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10469\/revisions"}],"predecessor-version":[{"id":10474,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10469\/revisions\/10474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media\/10470"}],"wp:attachment":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media?parent=10469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}