Nombre del plugin	Oración Para SEO (palabras clave, descripción y etiquetas)
Tipo de vulnerabilidad	Scripting entre sitios (XSS)
Número CVE	CVE-2026-4142
Urgencia	Baja
Fecha de publicación de CVE	2026-04-22
URL de origen	CVE-2026-4142

XSS almacenado de administrador autenticado en Oración Para SEO (≤ 1.0) — Lo que los propietarios de sitios de WordPress deben hacer ahora

Autor: Experto en seguridad de Hong Kong

Fecha: 2026-04-21

Resumen: Se ha informado de una vulnerabilidad de Cross‑Site Scripting (XSS) almacenada (CVE‑2026‑4142) en el plugin de WordPress “Sentence To SEO (keywords, description and tags)” — afectando versiones ≤ 1.0. La falla permite a un administrador autenticado inyectar HTML/JavaScript que se almacena y se ejecuta posteriormente. Aunque el CVSS es relativamente bajo (4.4), el XSS almacenado en un contexto de administrador puede ser un poderoso trampolín para los atacantes si una cuenta de administrador es comprometida o abusada. Esta publicación explica el riesgo, la detección, la contención y los pasos prácticos de mitigación que debes tomar ahora.

Qué sucedió (breve)

Investigadores de seguridad divulgaron una vulnerabilidad de Cross‑Site Scripting (XSS) almacenado en el plugin Oración Para SEO (palabras clave, descripción y etiquetas) para WordPress, rastreada como CVE‑2026‑4142. El problema existe en versiones hasta e incluyendo 1.0. Permite a un usuario autenticado con privilegios de Administrador guardar contenido elaborado (HTML/JS) en campos gestionados por el plugin. Ese contenido se renderiza posteriormente sin la debida escapatoria, causando que los scripts se ejecuten en el contexto de los usuarios que ven la página de administración o frontend afectada.

Resumen técnico de la vulnerabilidad

Tipo de vulnerabilidad: Cross‑Site Scripting almacenado (Stored‑XSS).
Software afectado: Plugin de WordPress Oración Para SEO (palabras clave, descripción y etiquetas).
Versiones vulnerables: ≤ 1.0.
Privilegio requerido: Administrador (autenticado).
CVE: CVE‑2026‑4142.
Impacto: Ejecución de scripts en contextos administrativos o posiblemente públicos que pueden ser utilizados para escalar ataques (robo de sesión, CSRF, operaciones de administrador, instalación de puerta trasera), dependiendo de dónde se ejecute la carga útil.
Causa raíz: El plugin acepta la entrada del administrador para metadatos, palabras clave o etiquetas y la emite posteriormente sin la debida sanitización/escapatoria (falta wp_kses, esc_html/esc_attr, etc.).

Nota: La vulnerabilidad está autenticada (requiere un usuario administrador) y almacenada (los payloads persisten en la base de datos). Aunque el vector de riesgo inicial está limitado a alguien que ya tiene capacidades de administrador, los ataques en el mundo real frecuentemente implican movimientos laterales después de que se obtienen credenciales de administrador a través de phishing, contraseñas robadas o controles internos deficientes.

Por qué la gravedad “baja” no significa “ignorar”

Una calificación CVSS de 4.4 (o similar) refleja una visión limitada del impacto y la explotabilidad. Para sitios de WordPress:

Las cuentas de administrador son objetivos principales: una vez que un atacante controla una cuenta de administrador, puede instalar puertas traseras, crear nuevos usuarios administradores o exportar datos.
El XSS almacenado autenticado en las interfaces de usuario de administración puede convertirse en un compromiso total del sitio (exfiltrar credenciales, realizar acciones a través del navegador del administrador víctima, instalar plugins maliciosos).
Muchos compromisos comienzan con reutilización de credenciales o ingeniería social; las vulnerabilidades que requieren privilegios de administrador reducen la barrera para escalar ataques una vez que se obtienen credenciales.

Se requiere una respuesta medida: parchear o parchear virtualmente de inmediato y auditar por explotación previa.

Quién está afectado y vectores de ataque

Partes afectadas: Cualquier sitio de WordPress que ejecute la versión 1.0 o inferior del plugin Sentence To SEO.
Prerrequisitos de ataque: Un atacante necesita una cuenta de Administrador, o la capacidad de hacer que un administrador visite un enlace controlado por el atacante que desencadena XSS almacenado en un contexto de administrador.
Vectores de ataque típicos:
- Un administrador malicioso (amenaza interna) agrega un script en la configuración del plugin o en los metadatos.
- Cuenta de administrador comprometida (reutilización de credenciales / phishing) utilizada para inyectar el payload.
- El payload de XSS almacenado se ejecuta cuando un administrador u otro usuario ve la pantalla afectada (página de configuración del administrador, editor de publicaciones, página de taxonomía o salida del frontend).

Cómo un atacante podría abusar del XSS almacenado de administrador

El XSS almacenado en una interfaz de administrador es poderoso porque el contexto del navegador para los administradores a menudo incluye privilegios elevados y sesiones activas. Ejemplos de abuso:

Robar cookies de administrador o tokens de sesión, permitiendo al atacante suplantar al administrador.
Usa el navegador del administrador para realizar acciones (crear nuevo usuario administrador, instalar plugin/tema malicioso, cambiar DNS/configuraciones).
Exfiltrar datos de configuración, claves API o contenidos de la base de datos accesibles a través de pantallas de administrador.
Entregar payloads de segunda etapa que contactan servidores C2 del atacante, dificultando la limpieza y detección.

Debido a que el campo vulnerable está almacenado, el código malicioso puede sobrevivir a reinicios y persistir en copias de seguridad y exportaciones, aumentando la complejidad de la remediación.

Pasos inmediatos de mitigación (lista de verificación rápida)

Si ejecutas WordPress y tienes este plugin instalado, haz lo siguiente de inmediato:

Identificar la versión del complemento:
- WP Admin → Plugins → busca “Sentence To SEO” y anota la versión.
Si está ejecutando ≤ 1.0:
- Desactive el complemento de inmediato si puede permitirse la pérdida temporal de su funcionalidad.
- Si no puede desactivar, restrinja el acceso a la interfaz de administración (ver más abajo).
Rote todas las contraseñas de administrador y asegúrese de usar contraseñas únicas / un gestor de contraseñas.
Habilita MFA para todas las cuentas de administrador.
Aplique filtros de entrada en la capa web/aplicación (WAF o equivalente) para bloquear cargas útiles de scripts obvias que apunten a los puntos finales del complemento.
Busca etiquetas de script sospechosas o entradas en la base de datos y entradas de opciones del plugin (comandos a continuación).</li> <li>Escanee el sitio con escáneres de malware de confianza y verifique la integridad de los archivos.</li> <li>Si sospecha de una posible violación, siga el manual de respuesta a incidentes a continuación (aislar y restaurar).</li> </ol> <p>Si se lanza un parche oficial del proveedor, actualice de inmediato. Si no hay parche disponible, continúe utilizando parches virtuales y reduzca la exposición del administrador hasta que la remediación del proveedor esté lista.</p> </section> <section id="remediation-plan"> <h2 id="detailed-remediation-and-recovery-plan">Plan detallado de remediación y recuperación</h2> <ol> <li><strong>Inventario y versionado</strong> <ul> <li>Enumere todos los sitios de WordPress y verifique si el complemento está instalado y qué versión: <pre><code>wp plugin list --status=active --format=table</code></pre> </li> <li>Si el complemento está presente y la versión ≤ 1.0, considere la desactivación inmediata.</li> </ul> </li> <li><strong>Copia de seguridad (tome una copia segura)</strong> <ul> <li>Realice una copia de seguridad completa (base de datos + archivos) y guárdela fuera de línea antes de cualquier remediación para preservar evidencia forense.</li> <li>Nota: Las copias de seguridad pueden contener cargas útiles maliciosas — manéjelas con cuidado.</li> </ul> </li> <li><strong>Contener</strong> <ul> <li>Desactive temporalmente el plugin.</li> <li>Si deshabilitar rompe la funcionalidad del sitio, restrinja el acceso a /wp-admin por IP o habilite la autenticación básica HTTP mientras trabaja.</li> <li>Aplique reglas de parches virtuales en la capa web para bloquear envíos POST/PUT que contengan fragmentos de script sospechosos para los puntos finales del complemento.</li> </ul> </li> <li><strong>Credenciales y cuentas</strong> <ul> <li>Fuerza restablecimientos de contraseña para todos los administradores.</li> <li>Elimine cuentas de administrador desconocidas.</li> <li>Haga cumplir contraseñas fuertes y habilite 2FA para todos los administradores.</li> </ul> </li> <li><strong>Limpia la base de datos</strong> <ul> <li>Busque y elimine las etiquetas de script almacenadas inyectadas en opciones, postmeta, termmeta, usermeta o tablas específicas de plugins:</li> <li>Ejemplo de SQL (usar con precaución): <pre><code>SELECCIONAR option_id, option_name DE wp_options DONDE option_value LIKE '%<script%'; SELECT post_id, meta_key FROM wp_postmeta WHERE meta_value LIKE '%<script%';</code></pre> </li> <li>Remove known payloads: use wp-cli search-replace with careful regular expressions or export → sanitize → reimport.</li> <li>Prefer targeted cleanup (wp-cli, controlled search/replace) over blind DELETEs.</li> </ul> </li> <li><strong>Scan files & plugins</strong> <ul> <li>Scan the wp-content folder and core files for unknown or modified PHP files.</li> <li>Compare file hashes to a clean WordPress core to detect new/changed files.</li> </ul> </li> <li><strong>Restore or cleanup</strong> <ul> <li>If cleanup is possible and you’re confident, remove the malicious injected code and re-enable the plugin once patched or safe.</li> <li>If the site is heavily compromised, consider restoring from a clean backup created before the compromise date.</li> </ul> </li> <li><strong>Patch and update</strong> <ul> <li>When the plugin author releases a patch, update to the fixed version promptly.</li> <li>Re-scan after patch to ensure no persistence remains.</li> </ul> </li> <li><strong>Follow up</strong> <ul> <li>Audit logs to see how and when the injection occurred.</li> <li>Create a timeline of events and document remediation steps.</li> </ul> </li> </ol> </section> <section id="detect-exploitation"> <h2 id="how-to-detect-past-exploitation-and-find-malicious-payloads">How to detect past exploitation and find malicious payloads</h2> <p>Stored XSS payloads are often simple script tags, event handlers, or encoded HTML. Detection steps:</p> <ul> <li><strong>Database searches</strong> <ul> <li>Search for <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code><iframe</code>, <code>src="data:text/html,</code> in these tables: <ul> <li>wp_options, wp_postmeta, wp_posts (post_content), wp_terms and termmeta, wp_usermeta.</li> </ul> </li> </ul> </li> <li><strong>WP‑CLI useful commands</strong> <ul> <li><code>wp search-replace '<script' '' --skip-columns=guid --dry-run</code></li> <li><code>wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script%';"</code></li> </ul> </li> <li><strong>File system scan</strong> <ul> <li>Grep for suspicious PHP functions: <code>base64_decode</code>, <code>gzinflate</code>, <code>eval</code> patterns: <pre><code>grep -R --exclude-dir=wp-includes --exclude-dir=wp-admin -n "base64_decode" .</code></pre> </li> </ul> </li> <li><strong>Webserver access logs and admin action logs</strong> <ul> <li>Look for POST requests to plugin endpoints or options.php edit actions around suspicious timestamps.</li> </ul> </li> <li><strong>Browser console traces and admin page review</strong> <ul> <li>Log into admin and inspect pages related to the plugin settings. If any content changes unexpectedly or you see unusual UI elements, investigate.</li> </ul> </li> </ul> <p>If you discover injected scripts, preserve the evidence, note timestamps, and follow the containment steps above.</p> </section> <section id="hardening"> <h2 id="hardening-and-prevention-wordpress-best-practices">Hardening and prevention (WordPress best practices)</h2> <ul> <li><strong>Principle of least privilege:</strong> Limit the number of admin accounts. Use Editor-level accounts for content editors and separate accounts for site ops.</li> <li><strong>Multi-Factor Authentication:</strong> Enforce MFA for all administrator-level users.</li> <li><strong>Strong password policy:</strong> Use a password manager and enforce unique, long passwords.</li> <li><strong>Reduce admin exposure:</strong> Restrict /wp-admin and /wp-login.php by IP where possible, or present an HTTP basic authentication layer.</li> <li><strong>Regular plugin hygiene:</strong> Remove unused plugins and themes; only install plugins from reputable sources and check reviews, active installs, and last updated date.</li> <li><strong>Regular updates:</strong> Keep WordPress core, themes, and plugins updated. Automate minor and security updates where possible.</li> <li><strong>Harden file and filesystem permissions:</strong> Ensure file permissions are restrictive (files 644, folders 755) and ownerships are correct for your hosting environment.</li> <li><strong>Content sanitization practices for developers:</strong> Always sanitize input using <code>sanitize_text_field()</code>, <code>wp_kses_post()</code>, or custom <code>wp_kses()</code> rules. Escape output with <code>esc_html()</code>, <code>esc_attr()</code>, <code>esc_url()</code>. Verify capability checks (<code>current_user_can()</code>) and use nonces for admin POSTs.</li> <li><strong>Logging and monitoring:</strong> Enable audit logging and review admin actions regularly. Monitor file integrity and alert on unexpected changes.</li> </ul> </section> <section id="waf-rules"> <h2 id="waf-rules-and-virtual-patch-suggestions-recommended-rule-patterns">WAF rules and virtual patch suggestions (recommended rule patterns)</h2> <p>If the vendor patch is not yet available or you prefer layered defence, apply web-layer rules that mitigate stored XSS in admin inputs. Tune rules to avoid false positives.</p> <ol> <li><strong>Block script tag payloads in admin POSTs</strong> <ul> <li>Condition: Request URI matches admin plugin endpoints or options.php and HTTP POST body contains “<code><script</code>” or “<code>javascript:</code>” or “<code>onerror=</code>“.</li> <li>Action: Block or challenge (captcha) with a 403/Challenge response.</li> </ul> </li> <li><strong>Block common XSS payload encodings</strong> <ul> <li>Look for encoded forms like <code>%3Cscript%3E</code>, <code>\x3cscript</code>, or base64 payloads in POST content. Deny requests if payload is detected in plugin option keys or metadata fields.</li> </ul> </li> <li><strong>Limit allowed characters for SEO fields</strong> <ul> <li>Many plugin fields (keywords, tags, meta descriptions) should allow only safe characters — letters, numbers, punctuation. Block angle brackets (<code><</code>, <code>></code>) and on* attributes.</li> <li>Example rule: Deny POST where meta_description matches /[<>]/ or contains “onmouseover|onerror|javascript:”.</li> </ul> </li> <li><strong>Protect plugin settings pages specifically</strong> <ul> <li>If the plugin admin pages are detected at <code>/wp-admin/admin.php?page=sentence-to-seo</code> (example), apply stricter POST filters and rate limits on settings saves.</li> </ul> </li> <li><strong>Protect administrator sessions</strong> <ul> <li>Block suspicious IPs, geolocations, or UA strings with excessive admin POST activity. Enforce 2FA checkpoints for settings modifications where possible.</li> </ul> </li> <li><strong>Logging & alerting</strong> <ul> <li>Log and alert on every blocked POST to plugin admin pages containing suspicious patterns for manual review.</li> </ul> </li> </ol> <p>Note: Virtual patching is a temporary mitigation and not a substitute for a vendor fix. Once the plugin is updated, remove temporary rules that interfere with legitimate functionality.</p> </section> <section id="incident-response"> <h2 id="incident-response-playbook-if-you-suspect-compromise">Incident response playbook (if you suspect compromise)</h2> <ol> <li><strong>Triage</strong> <ul> <li>Take site offline or enable maintenance mode if public safety is a concern.</li> <li>Capture current system state: database dump, file listing, access logs.</li> </ul> </li> <li><strong>Contain</strong> <ul> <li>Disable the vulnerable plugin; block admin access from public Internet if possible.</li> <li>Rotate admin credentials and API keys.</li> </ul> </li> <li><strong>Analyze</strong> <ul> <li>Identify persistence mechanisms: scheduled tasks, new plugin/theme files, modified core files.</li> <li>Look for webshells or unknown PHP files in uploads, themes, or wp-content.</li> </ul> </li> <li><strong>Eradicate</strong> <ul> <li>Remove or quarantine malicious files.</li> <li>Clean injected database values and remove unauthorized users.</li> </ul> </li> <li><strong>Recover</strong> <ul> <li>Restore from clean backup, or after cleaning, continue to monitor in an isolated environment and then re-enable live traffic.</li> </ul> </li> <li><strong>Lessons learned</strong> <ul> <li>Document the attack chain and strengthen defenses: MFA adoption, admin access hardening, plugin update policy.</li> </ul> </li> <li><strong>Notify</strong> <ul> <li>If sensitive data was exposed, comply with reporting requirements applicable to your jurisdiction.</li> </ul> </li> <li><strong>Post‑incident monitoring</strong> <ul> <li>Keep elevated monitoring for at least 30 days and review logs for signs of re‑entry.</li> </ul> </li> </ol> </section> <section id="developer-tips"> <h2 id="practical-code-checks-and-developer-tips">Practical code checks and developer tips</h2> <p>If you maintain plugins or custom themes, follow these code-level rules to avoid similar vulnerabilities:</p> <ul> <li><strong>Always sanitize inputs</strong>: <ul> <li>For simple text: <code>sanitize_text_field( $_POST['field'] );</code></li> <li>For limited HTML: <code>wp_kses( $_POST['field'], $allowed_html );</code></li> </ul> </li> <li><strong>Escape outputs appropriately</strong>: <ul> <li><code>esc_html()</code> for element content.</li> <li><code>esc_attr()</code> for attribute values.</li> <li><code>esc_url()</code> for URLs.</li> </ul> </li> <li><strong>Use nonces and capability checks for all admin actions</strong>: <ul> <li><code>check_admin_referer( 'my_action_nonce' );</code></li> <li><code>if ( ! current_user_can( 'manage_options' ) ) { wp_die( 'Insufficient permissions' ); }</code></li> </ul> </li> <li><strong>Avoid echoing unsanitized admin options</strong>: <ul> <li><code>echo esc_attr( get_option( 'my_plugin_setting' ) );</code></li> </ul> </li> <li><strong>Constrain allowed characters in SEO fields</strong>: <ul> <li>Use <code>preg_replace</code> to strip angle brackets and event handler attributes from fields that should be plain text.</li> </ul> </li> </ul> <p>Example: sanitize and save meta safely:</p> <pre><code><?php if ( isset( $_POST['my_meta_field'] ) && check_admin_referer( 'my_meta_nonce', 'my_meta_nonce_field' ) ) { if ( current_user_can( 'edit_post', $post_id ) ) { $clean_value = wp_kses( $_POST['my_meta_field'], array() ); // no tags allowed update_post_meta( $post_id, 'my_meta_field', $clean_value ); } } ?></code></pre> <p>If your plugin genuinely needs HTML in user content, define a safe allowed tags array and use <code>wp_kses()</code> with a conservative list.</p> </section> <section id="final-notes"> <h2 id="final-notes">Final notes</h2> <ul> <li>Prioritize patching: When the plugin author ships an official fix, update as soon as possible.</li> <li>Do not rely on any single control: hardening, web-layer protections, and monitoring together reduce risk.</li> <li>Protect admin accounts proactively: mandate MFA and reduce admin user count.</li> <li>Regularly audit your plugins and remove unused ones.</li> <li>If you lack in-house security expertise, engage a qualified security professional for detection, containment, and remediation.</li> </ul> <p>If you found this guide useful, save it and share with other site owners in your organisation. Vulnerabilities like authenticated stored XSS are easier to manage when multiple layers of defence are in place — and when every admin account follows strong security practices.</p> <footer> <p>Stay safe,<br />Hong Kong Security Expert</p> </footer> </section> </article> </div> <section class="post-tags"><ul><li><h5 class="title-tags">Etiquetas:</h5></li><li><a href="https://wp-security.org/es/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="4190" data-share-url="https://wp-security.org/es/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" > <div class="pk-share-buttons-total pk-share-buttons-total-no-count"> <div class="pk-share-buttons-count cs-font-primary">0 Shares:</div> </div> <div class="pk-share-buttons-items"> <div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook"> <a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/es/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="pk-share-buttons-link" target="_blank"> <i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i> <span class="pk-share-buttons-label pk-font-primary">Compartir</span> <span class="pk-share-buttons-count pk-font-secondary">0</span> </a> </div> <div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter"> <a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%274190%27%3EHong%20Kong%20NGO%20Alert%20XSS%20in%20Plugin%28CVE20264142%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/es/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="pk-share-buttons-link" target="_blank"> <i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i> <span class="pk-share-buttons-label pk-font-primary">Tweet</span> <span class="pk-share-buttons-count pk-font-secondary">0</span> </a> </div> <div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest"> <a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/es/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/&media=https://wp-security.org/wp-content/uploads/2026/04/2026-04-22CVE20264142Sentence-To-SEO-keywords-description-and-tags-1024x576.jpg" class="pk-share-buttons-link" target="_blank"> <i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i> <span class="pk-share-buttons-label pk-font-primary">Fijarlo</span> <span class="pk-share-buttons-count pk-font-secondary">0</span> </a> </div> </div> </div> <section class="post-author"> <div class="authors-compact"> <div class="author-wrap"> <div class="author"> <div class="author-avatar"> <a href="https://wp-security.org/es/author/wp-security/" rel="author"> <img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a> </div> <div class="author-description"> <h5 class="title-author"> <span class="fn"> <a href="https://wp-security.org/es/author/wp-security/" rel="author"> WP Security Vulnerability Report </a> </span> </h5> <p class="note"></p> </div> </div> </div> </div> </section> <div id="disqus_thread"></div> </div> </div> </article> <div class="post-prev-next"> <a class="link-item prev-link" href="https://wp-security.org/es/vulnerability-database/community-security-alert-mcatfilter-csrf-vulnerabilitycve20264139/"> <div class="link-content"> <div class="link-label"> <span class="link-arrow"></span><span class="link-text"> — Artículo anterior</span> </div> <h2 class="entry-title"> Community Security Alert mCatFilter CSRF Vulnerability(CVE20264139) </h2> </div> </a> <a class="link-item next-link" href="https://wp-security.org/es/vulnerability-database/community-advisory-csrf-in-woocommerce-order-exportcve20264140/"> <div class="link-content"> <div class="link-label"> <span class="link-text">Siguiente artículo — </span><span class="link-arrow"></span> </div> <h2 class="entry-title"> Community Advisory CSRF in WooCommerce Order Export(CVE20264140) </h2> </div> </a> </div> <section class="post-archive archive-related"> <div class="archive-wrap"> <div class="title-block-wrap"> <h5 class="title-block"> También te puede gustar </h5> </div> <div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled"> <article class="entry-without-preview post-1139 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hk-ngo-alert-social-login-authentication-bypasscve20255821/" rel="bookmark">HK NGO Alert Social Login Authentication Bypass(CVE20255821)</a></h2><ul class="post-meta"><li class="meta-date">agosto 22, 2025</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> WordPress Case Theme User plugin <= 1.0.3 - Authentication Bypass via Social Login vulnerability </div> </div> </div> </div> </article> <article class="entry-without-preview post-3742 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/community-alert-xss-risk-in-motta-addonscve202625033/" rel="bookmark">Community Alert XSS Risk in Motta Addons(CVE202625033)</a></h2><ul class="post-meta"><li class="meta-date">marzo 22, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Cross Site Scripting (XSS) in WordPress Motta Addons Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-4163 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/everest-forms-directory-traversal-hong-kong-alertcve20265478/" rel="bookmark">Everest Forms Directory Traversal Hong Kong Alert(CVE20265478)</a></h2><ul class="post-meta"><li class="meta-date">abril 21, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Directory Traversal in WordPress Everest Forms Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-4016 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hong-kong-alert-xss-in-wordpress-popupcve202515611/" rel="bookmark">Hong Kong Alert XSS in WordPress Popup(CVE202515611)</a></h2><ul class="post-meta"><li class="meta-date">abril 8, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Cross Site Scripting (XSS) in WordPress Popup box Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-2420 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-advisory-wordpress-privilege-escalationcve202514975/" rel="bookmark">Hong Kong Security Advisory WordPress Privilege Escalation(CVE202514975)</a></h2><ul class="post-meta"><li class="meta-date">febrero 1, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Privilege Escalation in WordPress Custom Login Page Customizer Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-4071 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/community-advisory-eshot-plugin-access-vulnerabilitycve20263642/" rel="bookmark">Community Advisory Eshot Plugin Access Vulnerability(CVE20263642)</a></h2><ul class="post-meta"><li class="meta-date">abril 15, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Broken Access Control in WordPress e-shot Plugin </div> </div> </div> </div> </article> </div> </div> </section> </main> </div> </div> </div> </div> <footer id="colophon" class="site-footer"> <div class="footer-subscribe"> <div class="cs-container"> <div class="subscribe-wrap"> </div> </div> </div> <div class="footer-info"> <div class="cs-container"> <div class="site-info"> <div class="footer-col-info"> <span class="site-title footer-title" href="https://wp-security.org/es/" rel="home"> <img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span> <div class="footer-copyright"> © 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div> </div> </div> </div> </div> </footer> </div> </div> </div> <template id="tp-language" data-tp-language="es_ES"></template><script type="speculationrules"> {"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/es/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/es/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]} </script> <a href="#top" class="pk-scroll-to-top"> <i class="pk-icon pk-icon-up"></i> </a> <div class="pk-mobile-share-overlay"> </div> <script type="text/javascript"> var _paq = _paq || []; _paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']); _paq.push(['trackPageView']); (function () { var u = "https://analytics2.wpmudev.com/"; _paq.push(['setTrackerUrl', u + 'track/']); _paq.push(['setSiteId', '24942']); var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0]; g.type = 'text/javascript'; g.async = true; g.defer = true; g.src = 'https://analytics.wpmucdn.com/matomo.js'; s.parentNode.insertBefore(g, s); })(); </script> <script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce"> window.wp_kirki = { ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php", restUrl: "https://wp-security.org/es/wp-json/", siteUrl: "https://wp-security.org", apiVersion: "v1", postId: "4190", nonce: "700cb694a4", call_from: "", templateId: "", context: {"id":4190,"type":"post"} }; </script><script id="wp-importmap" type="importmap"> {"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=efaa5193bbad9c60ffd1","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=1c371cb517a97cdbcb9f","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}} </script> <script id="@surecart/line-item-note-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" type="module"></script> <script id="@surecart/checkout-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" type="module"></script> <script id="@surecart/cart-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" type="module"></script> <script id="@surecart/order-bumps-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" type="module"></script> <script id="wp-script-module-data-@wordpress/interactivity" type="application/json"> {"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}} </script> <div id="fb-root"></div> <script async defer crossorigin="anonymous" src="https://connect.facebook.net/es_ES/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script> <script> window.scFetchData = {"root_url":"https:\/\/wp-security.org\/es\/wp-json\/","nonce":"700cb694a4","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>  <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-c8108a87 wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="font-size:15px;width: 525px" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" >  <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-64e1162d wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="Cerrar carrito" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p class="wp-block-paragraph" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> Revisa Mi Pedido</p> <span style="font-size:14px;font-weight:600;line-height:1;border-radius:4px;padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-2e48a420 wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-92927b4a wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="margin-top:0;margin-bottom:0;aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-41c7e08e wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-53e22457 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-e5460375 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4c9338fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> Eliminar </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">Usar configuración</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069;padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-768bb735 wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p class="wp-block-paragraph" style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">Sugerido para ti</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-00ae689d wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="Paginación de pedidos adicionales" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="Página anterior" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="Página siguiente" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-e99f66c5 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-e91b8ce6 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-0370e391 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280;font-size:13px;line-height:1.3" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-0cf19278 wp-block-group-is-layout-flex"> <div style="font-size:14px" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400;border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px;padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="Añadir al carrito" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-491b0754 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-0a93696a wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <p class="wp-block-paragraph" style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> Subtotal</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06 wp-block-paragraph" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">Impuestos y envío calculados en la caja</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/es/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">Pagar</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div>  <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div>  <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="Botón del carrito."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script id="wp-url-js" src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=bb0f766c3d2efe497871"></script> <script id="wp-hooks-js" src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d"></script> <script id="wp-i18n-js" src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec"></script> <script id="wp-i18n-js-after"> wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); //# sourceURL=wp-i18n-js-after </script> <script id="wp-api-fetch-js-translations"> ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "default", {"translation-revision-date":"2026-05-21 11:34:00+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"es"},"Could not get a valid response from the server.":["No se pudo obtener una respuesta v\u00e1lida del servidor."],"Unable to connect. Please check your Internet connection.":["No se puede conectar. Revisa tu conexi\u00f3n a Internet."],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["La subida de medios ha fallado. Si esto es una foto o una imagen grande, por favor, reduce su tama\u00f1o e int\u00e9ntalo de nuevo."],"The response is not a valid JSON response.":["Las respuesta no es una respuesta JSON v\u00e1lida."]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} ); //# sourceURL=wp-api-fetch-js-translations </script> <script id="wp-api-fetch-js" src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=d7efe4dc1468d36c39b8"></script> <script id="wp-api-fetch-js-after"> wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/es/wp-json/" ) ); wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "700cb694a4" ); wp.apiFetch.use( wp.apiFetch.nonceMiddleware ); wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware ); wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce"; //# sourceURL=wp-api-fetch-js-after </script> <script id="wp-dom-ready-js" src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317"></script> <script id="wp-a11y-js-translations"> ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "default", {"translation-revision-date":"2026-05-21 11:34:00+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"es"},"Notifications":["Avisos"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} ); //# sourceURL=wp-a11y-js-translations </script> <script id="wp-a11y-js" src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e"></script> <script id="trp-dynamic-translator-js-extra"> var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"es_ES","trp_original_language":"en_US","trp_current_language":"es_ES","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"173be74acc","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]}; //# sourceURL=trp-dynamic-translator-js-extra </script> <script id="trp-dynamic-translator-js" src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.2.1"></script> <script id="powerkit-js" src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.7"></script> <script id="swv-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.6"></script> <script id="contact-form-7-js-translations"> ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "contact-form-7", {"translation-revision-date":"2025-12-01 15:45:40+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"es"},"This contact form is placed in the wrong place.":["Este formulario de contacto est\u00e1 situado en el lugar incorrecto."],"Error:":["Error:"]}},"comment":{"reference":"includes\/js\/index.js"}} ); //# sourceURL=contact-form-7-js-translations </script> <script id="contact-form-7-js-before"> var wpcf7 = { "api": { "root": "https:\/\/wp-security.org\/es\/wp-json\/", "namespace": "contact-form-7\/v1" }, "cached": 1 }; //# sourceURL=contact-form-7-js-before </script> <script id="contact-form-7-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.6"></script> <script id="disqus_count-js-extra"> var countVars = {"disqusShortname":"wp-security-org"}; //# sourceURL=disqus_count-js-extra </script> <script id="disqus_count-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4"></script> <script id="disqus_embed-js-extra"> var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 7.0"},"disqusIdentifier":"4190 https://wp-security.org/uncategorized/hong-kong-ngo-alert-xss-in-plugincve20264142/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong NGO Alert XSS in Plugin(CVE20264142)","disqusUrl":"https://wp-security.org/es/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/","postId":"4190"}; //# sourceURL=disqus_embed-js-extra </script> <script id="disqus_embed-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4"></script> <script id="powerkit-basic-elements-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0"></script> <script id="justifiedgallery-js" src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.3"></script> <script id="powerkit-justified-gallery-js-extra"> var powerkitJG = {"rtl":""}; //# sourceURL=powerkit-justified-gallery-js-extra </script> <script id="powerkit-justified-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.7"></script> <script id="imagesloaded-js" src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0"></script> <script id="glightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.7"></script> <script id="powerkit-lightbox-js-extra"> var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"}; //# sourceURL=powerkit-lightbox-js-extra </script> <script id="powerkit-lightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.7"></script> <script id="powerkit-opt-in-forms-js-extra"> var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."}; //# sourceURL=powerkit-opt-in-forms-js-extra </script> <script id="powerkit-opt-in-forms-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.7"></script> <script id="powerkit-pinterest-js" async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=7.0"></script> <script id="powerkit-pin-it-js-extra"> var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"}; //# sourceURL=powerkit-pin-it-js-extra </script> <script id="powerkit-pin-it-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.7"></script> <script id="powerkit-scroll-to-top-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.7"></script> <script id="powerkit-share-buttons-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.7"></script> <script id="flickity-js" src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.3"></script> <script id="powerkit-slider-gallery-js-extra"> var powerkit_sg_flickity = {"page_info_sep":" of "}; //# sourceURL=powerkit-slider-gallery-js-extra </script> <script id="powerkit-slider-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.7"></script> <script id="powerkit-table-of-contents-js-extra"> var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"}; //# sourceURL=powerkit-table-of-contents-js-extra </script> <script id="powerkit-table-of-contents-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.7"></script> <script id="magnific-popup-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1774098503"></script> <script id="sight-block-script-js-extra"> var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"}; //# sourceURL=sight-block-script-js-extra </script> <script id="sight-block-script-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1774098503"></script> <script id="colcade-js" src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.3"></script> <script id="object-fit-images-js" src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3"></script> <script id="csco-scripts-js-extra"> var csco_mega_menu = {"rest_url":"https://wp-security.org/es/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"es_ES"}; //# sourceURL=csco-scripts-js-extra </script> <script id="csco-scripts-js" src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1"></script> <script async data-wp-strategy="async" fetchpriority="low" id="comment-reply-js" src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=7.0"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=7.0"}} </script> <script type="module"> /*! This file is auto-generated */ const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js </script> <div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">Avisos</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>  <script type="text/javascript"> (function () { window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); }) var t = document.createElement('script'), s = document.getElementsByTagName('script')[0]; t.defer = true; t.id = 'um-tracker'; t.setAttribute('data-tracking-host', 'https://u.wp-security.org'); t.setAttribute('data-key', 'UMZaYew9Sp'); t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true'); t.src = 'https://u.wp-security.org/lib.js'; s.parentNode.insertBefore(t, s); })(); </script>  <nav class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom" style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw" role="navigation" aria-label="Selector de idioma del sitio web" data-no-translation > <div class="trp-language-switcher-inner"> <div class="trp-language-item trp-language-item__current" title="Spanish" role="button" tabindex="0" aria-expanded="false" aria-label="Cambiar idioma" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Spanish</span></div> <div class="trp-switcher-dropdown-list" id="trp-switcher-dropdown-list" role="group" aria-label="Idiomas disponibles" hidden inert > <a href="https://wp-security.org/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a> <a href="https://wp-security.org/zh/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="Chinese (Hong Kong)" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></a> <a href="https://wp-security.org/zh_cn/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a> <a href="https://wp-security.org/hi/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="Hindi" data-no-translation><span class="trp-language-item-name">Hindi</span></a> <a href="https://wp-security.org/fr/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a> </div> </div> </nav> <script type="text/javascript"> "use strict"; (function($) { $( window ).on( 'load', function() { // Each All Share boxes. $( '.pk-share-buttons-mode-rest' ).each( function() { var powerkitButtonsIds = [], powerkitButtonsBox = $( this ); // Check Counts. if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) { return; } powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() { if ( $( this ).attr( 'data-id' ).length > 0 ) { powerkitButtonsIds.push( $( this ).attr( 'data-id' ) ); } }); // Generate accounts data. var powerkitButtonsData = {}; if( powerkitButtonsIds.length > 0 ) { powerkitButtonsData = { 'ids' : powerkitButtonsIds.join(), 'post_id' : powerkitButtonsBox.attr( 'data-post-id' ), 'url' : powerkitButtonsBox.attr( 'data-share-url' ), }; } // Get results by REST API. $.ajax({ type: 'GET', url: 'https://wp-security.org/es/wp-json/social-share/v1/get-shares', data: powerkitButtonsData, beforeSend: function(){ // Add Loading Class. powerkitButtonsBox.addClass( 'pk-share-buttons-loading' ); }, success: function( response ) { if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) { // Accounts loop. $.each( response, function( index, data ) { if ( index !== 'total_count' ) { // Find Bsa Item. var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]'); // Set Count. if ( data.hasOwnProperty( 'count' ) && data.count ) { powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' ); powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count ); } else { powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' ); } } }); if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) { var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' ); if ( response.total_count ) { powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count ); powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' ); } } } // Remove Loading Class. powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' ); }, error: function() { // Remove Loading Class. powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' ); } }); }); }); })(jQuery); </script> </body> </html>