JSON Content Importer < 2.0.10 — Contributor+ Stored XSS (CVE‑2025‑15363)

Nombre del plugin	Plugin de importación de contenido JSON de WordPress
Tipo de vulnerabilidad	Scripting entre sitios (XSS)
Número CVE	CVE-2025-15363
Urgencia	Medio
Fecha de publicación de CVE	2026-03-19
URL de origen	CVE-2025-15363

Importador de contenido JSON < 2.0.10 — Contribuyente+ XSS almacenado (CVE‑2025‑15363)

Publicado: 2026-03-19

Como profesionales de seguridad con sede en Hong Kong y experiencia práctica en respuesta a incidentes de WordPress, esta publicación proporciona un desglose técnico de CVE‑2025‑15363 (XSS almacenado) que afecta a las versiones del plugin Importador de contenido JSON anteriores a 2.0.10. El objetivo es pragmático: explicar la mecánica, el impacto realista, las técnicas de detección, los pasos de contención y las medidas de endurecimiento a largo plazo para reducir el riesgo mientras aplicas el parche del proveedor.

Resumen rápido (tl;dr)

Existe un XSS almacenado en el plugin Importador de contenido JSON anterior a la versión 2.0.10.
La vulnerabilidad puede ser abusada por cuentas con privilegios de Contributor o superiores.
La explotación exitosa requiere la interacción de un usuario privilegiado (por ejemplo, visualizando una publicación elaborada en el administrador), por lo que la ingeniería social suele estar involucrada.
CVSS (valor reportado) es 6.5 — impacto medio-alto para sitios con roles de Contributor y flujos de trabajo de revisión activa de editores/admin.
Actualiza a 2.0.10 (o posterior) como la solución definitiva. Si no puedes actualizar de inmediato, aplica las mitigaciones temporales descritas a continuación.

Por qué el XSS almacenado es importante en WordPress

El XSS almacenado es peligroso porque la entrada maliciosa se persiste en el sitio (publicaciones, postmeta, configuraciones de plugins, comentarios, etc.) y se ejecuta más tarde en el contexto del navegador de una víctima. En WordPress, los usuarios administradores son las víctimas de mayor valor: si un atacante puede ejecutar un script en la sesión de un administrador, es posible la toma de control del sitio.

Consecuencias comunes después de la explotación:

Robo de sesión de administrador (secuestración de cookies/sesiones) que lleva a la toma de control del sitio.
Escalación de privilegios a través de acciones impulsadas por JavaScript (creación de nuevos usuarios administradores, cambio de opciones a través de AJAX).
Instalación de puertas traseras persistentes o shells web.
Distribución de malware o formularios de recolección de credenciales a los visitantes del sitio.
Inyección de contenido, spam SEO y daño a la reputación a largo plazo.

Cómo funciona esta vulnerabilidad específica — a alto nivel

Un usuario con capacidad de Contributor (o superior) envía datos a un endpoint o interfaz de usuario proporcionada por el plugin — por ejemplo, un campo de importación o un área donde se almacena contenido o marcado JSON.
El plugin persiste los datos sin sanitizarlos o escaparlos adecuadamente cuando se muestran más tarde dentro de una página de administración (u otra página visitada por usuarios privilegiados).
Un Administrador o Editor abre la página afectada en el panel de control (o vista previa), y el JavaScript inyectado se ejecuta en su navegador.
El script realiza acciones privilegiadas (usando cookies, llamando a acciones AJAX de administrador, creando usuarios, exfiltrando tokens), permitiendo la toma de control o compromiso persistente.

Puntos clave: La explotación requiere que un usuario privilegiado vea la carga útil almacenada; el atacante inicial solo necesita acceso de colaborador. Esto es significativo para sitios que aceptan envíos de colaboradores o permiten importaciones de contenido de fuentes externas.

Escenarios de explotación realistas

Los colaboradores voluntarios envían borradores en un sitio de noticias. Un atacante incluye una carga útil JSON diseñada que se ejecuta cuando un Editor revisa el borrador.
Cuenta de contratista comprometida o contratista malicioso suministra la carga útil a través de la funcionalidad de importación del plugin.
Sitios que ingieren JSON/RSS remoto: un atacante modifica la fuente o inyecta cargas útiles alimentadas al plugin.
Ingeniería social: el atacante pide a un Editor que “por favor revise mi publicación”, aumentando la posibilidad de que se vea la carga útil.

Lista de verificación de acción inmediata — qué hacer ahora (0–72 horas)

Actualiza el plugin a 2.0.10 (o posterior) inmediatamente si utilizas JSON Content Importer. Esta es la única solución permanente.
Si no puede actualizar de inmediato:
- Desactiva o desinstala el plugin hasta que puedas aplicar un parche.
- Restringe el acceso a los puntos finales del plugin (ver ejemplos temporales de WAF/htaccess a continuación).
- Elimina temporalmente la capacidad de Colaborador para interactuar con el plugin o restringe las acciones del rol de Colaborador.
Escanea en busca de indicadores de compromiso (IOCs):
- Busca etiquetas de script en publicaciones, postmeta y otras tablas del plugin.
- Revisa los archivos en busca de archivos PHP recién añadidos o modificaciones recientes.
- Busca administradores creados o cambios de rol inesperados.
Fuerza el restablecimiento de contraseñas para todos los administradores y cuentas privilegiadas si detectas actividad sospechosa.
Asegúrate de que las copias de seguridad estén disponibles y toma una copia de seguridad nueva antes de la remediación.

Cómo detectar si has sido objetivo / explotado

El XSS almacenado puede ser sigiloso. Utilice escaneos automáticos más consultas manuales a la base de datos y revisión de registros.

Busque etiquetas de script en la base de datos:

-- Publicaciones que contienen etiquetas de script


Search for common JS payload patterns:

onerror=
onload=
javascript:

</ul>
<p>Example WP‑CLI command:</p>
<pre><code># Search for "<script" in post content using WP-CLI
wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script%';"</code></pre>
<p>Server log review:</p>
<ul>
<li>Look for suspicious POST requests to plugin endpoints such as admin-ajax.php, plugin import endpoints, or unusual REST calls mapping to plugin routes.</li>
<li>Check for requests from unfamiliar IPs or spikes in contributor activity.</li>
</ul>
<p>Browser console evidence: administrators reporting popups, unexpected redirects, or automatic downloads may indicate JS execution.</p>
<p>File system checks:</p>
<pre><code># Find PHP files modified in last 14 days
find /var/www/html -type f -iname '*.php' -mtime -14 -ls</code></pre>
<p>User accounts:</p>
<pre><code>wp user list --role=administrator --fields=ID,user_login,user_email,user_registered
wp user list --role=subscriber --role=contributor --fields=ID,user_login,user_email,user_registered</code></pre>
<h2 id="incident-response-if-you-suspect-compromise">Incident response — if you suspect compromise</h2>
<ol>
<li>Isolate the environment: put the site into maintenance mode or temporarily take it offline; isolate credentials and processes if hosting multiple sites on the same server.</li>
<li>Take a full backup (files + DB) immediately for forensics.</li>
<li>Identify the attack vector and affected records (use the detection queries above).</li>
<li>Clean the site:
<ul>
<li>Remove malicious entries from post_content/postmeta (manually or via clean backups).</li>
<li>Remove injected files and malicious scheduled tasks.</li>
<li>Reinstall core and plugin files from known clean sources.</li>
</ul>
</li>
<li>Reset credentials:
<ul>
<li>Force password reset for all admin users.</li>
<li>Rotate API keys, webhook secrets, and tokens stored on the site.</li>
</ul>
</li>
<li>Verify integrity with malware scans and log inspection for persistence or beaconing.</li>
<li>Restore from a clean backup if necessary.</li>
<li>Review and harden: update the plugin to 2.0.10+, re‑examine user roles and remove unnecessary contributor accounts, and deploy temporary request filtering where needed.</li>
</ol>
<p>If you are unsure at any step, engage a qualified WordPress security professional; persistent backdoors can be subtle and difficult to detect.</p>
<h2 id="short-term-mitigations-and-virtual-patching-waf-rules">Short‑term mitigations and virtual patching (WAF rules)</h2>
<p>If you cannot patch immediately, virtual patching with a properly configured WAF can reduce exposure. The examples below are generic and must be adapted and tested for your environment.</p>
<ol>
<li>Block common XSS payload patterns in requests targeting plugin endpoints:
<ul>
<li>Block if request contains “<script”, “onerror=”, “onload=”, “javascript:”, “svg/onload”, “img/onerror”.</li>
</ul>
</li>
<li>Rate limit POST requests to plugin endpoints and admin AJAX.</li>
<li>Restrict REQUEST_URI patterns that match plugin import paths if those endpoints are unused.</li>
</ol>
<p>Example ModSecurity style rule (adapt to your WAF platform):</p>
<pre><code># Example pattern-based WAF rule — adapt IDs & syntax to your WAF
SecRule REQUEST_URI "@pm /wp-admin/admin.php /wp-admin/admin-ajax.php /wp-json/" \
 "phase:2,t:none,chain,log,deny,msg:'Block potential stored XSS to plugin import endpoints',id:1000001"
  SecRule REQUEST_BODY|ARGS|ARGS_NAMES|XML:/* "@rx (<script\b|onerror\s*=|onload\s*=|javascript:|alert\(|<svg\b.*onload)" \
  "t:none,log,deny,status:403"</code></pre>
<p>Important: pattern matching may produce false positives. Run in log mode initially to tune rules before enforcing deny.</p>
<p>Temporary .htaccess protection for plugin folder:</p>
<pre><code># Deny access to plugin admin endpoints unless from trusted IPs (example)
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/wp-content/plugins/json-content-importer/ [NC]
  # Allow trusted admin IP e.g. 203.0.113.5
  RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.5$
  RewriteRule ^.* - [F,L]
</IfModule></code></pre>
<p>Or deny public access to specific plugin PHP files unless strictly necessary.</p>
<h2 id="hardening-recommendations-long-term">Hardening recommendations (long term)</h2>
<ul>
<li>Keep everything updated — WordPress core, themes, and plugins.</li>
<li>Enforce least privilege: only grant Contributor or higher when required; consider manual approval for new contributors.</li>
<li>Require two‑factor authentication for elevated roles.</li>
<li>Reduce attack surface: uninstall or disable unused plugins, especially those that parse or import remote content.</li>
<li>Sanitize and escape:
<ul>
<li>Perform server‑side sanitization on input that may be output to admin pages.</li>
<li>Ensure plugin output is escaped using esc_html, esc_attr, wp_kses_post where appropriate.</li>
</ul>
</li>
<li>Implement a Content Security Policy (CSP) where compatible to limit inline script execution.</li>
<li>Prefer role‑scoped preview workflows that avoid exposing raw HTML from contributors to admins.</li>
<li>Log and monitor admin activity, file changes, and set up integrity checking (file hashes) and scheduled malware scans.</li>
<li>Harden file permissions and disable file editing by defining DISALLOW_FILE_EDIT in wp-config.php.</li>
<li>Choose plugins with active maintenance and a good security track record.</li>
</ul>
<h2 id="developer-checklist-what-to-fix-in-plugin-code">Developer checklist — what to fix in plugin code</h2>
<p>If you are auditing or maintaining code:</p>
<ul>
<li>Validate and sanitize all user‑controlled input before persisting to the database. Use wp_kses() / wp_kses_post() with a strict allowed set when HTML is expected.</li>
<li>Escape output when rendering in admin pages: esc_html(), esc_attr(), wp_kses_post(). Never echo unescaped HTML coming from untrusted users into admin pages.</li>
<li>Use nonce and capability checks on endpoints that accept input.</li>
<li>Avoid rendering raw JSON or unchecked data inside inline script blocks. If serializing data into JS, use wp_json_encode() and appropriate escaping.</li>
<li>Do not trust user roles alone — add contextual validation where appropriate.</li>
</ul>
<h2 id="useful-detection-cleanup-scripts">Useful detection & cleanup scripts</h2>
<p>Practical queries and commands you can run immediately.</p>
<pre><code>-- Search for "onerror=" and "onload=" in post content
SELECT ID, post_title, post_modified
FROM wp_posts
WHERE post_content LIKE '%onerror=%' OR post_content LIKE '%onload=%' OR post_content LIKE '%javascript:%';

-- Search for "<script" occurrences in postmeta
SELECT post_id, meta_key
FROM wp_postmeta
WHERE meta_value LIKE '%<script%';</code></pre>
<p>WP‑CLI example (use with caution and backups):</p>
<pre><code># Replace dangerous script tags with sanitized entity (backup first)
wp db query "UPDATE wp_posts SET post_content = REPLACE(post_content, '<script', '&lt;script') WHERE post_content LIKE '%<script%';"</code></pre>
<p>A safer approach is to export suspicious records and manually review before mass changes.</p>
<h2 id="why-a-waf-helps">Why a WAF helps</h2>
<p>A properly configured Web Application Firewall provides important short‑term benefits while you update vulnerable components:</p>
<ul>
<li>Virtual patching: block exploit patterns targeting plugin endpoints before the vendor update is applied.</li>
<li>Request inspection: catch and block payloads containing inline scripts, suspicious attributes, or known XSS signatures.</li>
<li>Detection: log and alert on suspicious requests, enabling faster incident response.</li>
</ul>
<p>WAFs are a layer in defense‑in‑depth and not a replacement for patching vulnerable code.</p>
<h2 id="example-waf-rule-logic-to-apply">Example WAF rule logic to apply</h2>
<ul>
<li>Deny POST requests with payloads containing common XSS constructs when targeting the plugin’s import/admin endpoints.</li>
<li>Block requests that include HTTP parameters like content= or json= with <script or onerror= patterns.</li>
<li>Run detection (log) mode first, tune rules to reduce false positives, then enable blocking.</li>
</ul>
<h2 id="practical-configuration-examples">Practical configuration examples</h2>
<ol>
<li>Limit Contributor role capabilities: remove upload_files and other unnecessary capabilities from Contributor.</li>
<li>Sanitize saves globally (temporary mu‑plugin):</li>
</ol>
<pre><code><?php
// Put in an mu-plugin to sanitize post content when saved by contributors
add_action('save_post', 'hk_sanitize_contributor_content', 10, 3);
function hk_sanitize_contributor_content($post_ID, $post, $update) {
  if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return;
  $user = wp_get_current_user();
  if (in_array('contributor', (array)$user->roles)) {
    $clean = wp_kses($post->post_content, wp_kses_allowed_html('post'));
    if ($clean !== $post->post_content) {
      // Prevent infinite loop: remove action, update, re-add
      remove_action('save_post', 'hk_sanitize_contributor_content', 10);
      wp_update_post(array('ID' => $post_ID, 'post_content' => $clean));
      add_action('save_post', 'hk_sanitize_contributor_content', 10, 3);
    }
  }
}
?></code></pre>
<p>This is a temporary mitigation and does not replace the official plugin patch.</p>
<h2 id="post-update-verification">Post‑update verification</h2>
<ol>
<li>Confirm the plugin update applied successfully.</li>
<li>Re‑scan the database for XSS artifacts (script tags, event handlers).</li>
<li>Inspect admin pages where plugin output is shown to confirm values are escaped.</li>
<li>Review access logs for exploitation attempts and confirm any WAF logging shows expected entries.</li>
<li>Rotate admin credentials and API keys if you found evidence of compromise.</li>
</ol>
<h2 id="frequently-asked-questions">Frequently asked questions</h2>
<h3 id="q-im-a-small-blog-with-no-contributors-am-i-at-risk">Q: I’m a small blog with no contributors — am I at risk?</h3>
<p>A: Lower risk, but not zero. If any role beyond Subscriber interacts with the plugin, or if the plugin consumes remote JSON, you may be vulnerable. Update the plugin and review your usage.</p>
<h3 id="q-if-i-uninstall-the-plugin-does-that-remove-the-stored-payload">Q: If I uninstall the plugin, does that remove the stored payload?</h3>
<p>A: Not necessarily. Uninstalling may leave data in the database (options, postmeta). You should search for and remove malicious content in the database regardless of plugin removal.</p>
<h3 id="q-does-this-affect-front-end-only-or-admin-pages-too">Q: Does this affect front end only, or admin pages too?</h3>
<p>A: Stored XSS persists and can execute in any context that renders the malicious data — including admin pages. Admin UI rendering is particularly high risk.</p>
<h2 id="best-practices-recap">Best practices recap</h2>
<ul>
<li>Update the plugin to 2.0.10 immediately.</li>
<li>If you cannot update, disable the plugin, restrict Contributor access, and deploy virtual patches.</li>
<li>Scan the database and files for injected scripts and suspicious changes.</li>
<li>Enforce least privilege and require 2FA for elevated roles.</li>
<li>Implement monitoring, integrity checks, and a layered security posture with logging and regular scans.</li>
</ul>
<h2 id="example-forensic-checklist-what-to-look-for-after-an-exploit">Example forensic checklist (what to look for after an exploit)</h2>
<ul>
<li>New or modified admin users in the last 30 days.</li>
<li>Unexpected scheduled tasks (wp_cron entries calling unknown PHP files).</li>
<li>Database entries in wp_posts/postmeta containing <script> tags or onerror/onload attributes.</li>
<li>Modified core/plugin/theme files, especially if edited outside maintenance windows.</li>
<li>Outbound connections to suspicious IPs or domains (beacons).</li>
<li>Access logs showing POSTs to plugin import endpoints with suspicious payloads.</li>
</ul>
<h2 id="final-thoughts-from-a-hong-kong-security-expert">Final thoughts from a Hong Kong security expert</h2>
<p>Stored XSS that can be inserted by low‑privileged actors is particularly dangerous in CMS environments because it leverages normal human workflows like content review. Social engineering makes exploitation low effort and high impact. Patch as the primary remediation, and simultaneously apply short‑term mitigations — virtual patching, role restrictions, server‑side sanitization, and monitoring — to reduce the risk window.</p>
<p>If you require help implementing rules, running a forensic scan, or performing incident response, engage an experienced WordPress security practitioner. Rapid, careful investigation is critical when you suspect compromise.</p>
<p>Stay vigilant, keep plugins updated, and apply least privilege across content workflows.</p>
<p><em>— Hong Kong WordPress Security Advisory</em></p>
</article>
<p></body><br />
</html></p>

		</div>
		<section class="post-tags"><ul><li><h5 class="title-tags">Etiquetas:</h5></li><li><a href="https://wp-security.org/es/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section>		<div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="3543" data-share-url="https://wp-security.org/es/vulnerability-database/community-alert-xss-in-json-importercve202515363/" >

							<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
							<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
						</div>
				
			<div class="pk-share-buttons-items">

										<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">

							<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/es/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="pk-share-buttons-link" target="_blank">

																	<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
								
								
																	<span class="pk-share-buttons-label pk-font-primary">Compartir</span>
								
																	<span class="pk-share-buttons-count pk-font-secondary">0</span>
															</a>

							
							
													</div>
											<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">

							<a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%273543%27%3ECommunity%20Alert%20XSS%20in%20JSON%20Importer%28CVE202515363%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/es/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="pk-share-buttons-link" target="_blank">

																	<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
								
								
																	<span class="pk-share-buttons-label pk-font-primary">Tweet</span>
								
																	<span class="pk-share-buttons-count pk-font-secondary">0</span>
															</a>

							
							
													</div>
											<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">

							<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/es/vulnerability-database/community-alert-xss-in-json-importercve202515363/&media=https://wp-security.org/wp-content/uploads/2026/03/2026-03-19CVE202515363WordPress-JSON-Content-Importer-Plugin-1024x576.jpg" class="pk-share-buttons-link" target="_blank">

																	<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
								
								
																	<span class="pk-share-buttons-label pk-font-primary">Fijarlo</span>
								
																	<span class="pk-share-buttons-count pk-font-secondary">0</span>
															</a>

							
							
													</div>
								</div>
		</div>
	

<section class="post-author">

	<div class="authors-compact">

			<div class="author-wrap">
			<div class="author">
				<div class="author-avatar">
					<a href="https://wp-security.org/es/author/wp-security/" rel="author">
						<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&#038;d=mm&#038;r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&#038;d=mm&#038;r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/>					</a>
				</div>
				<div class="author-description">
					<h5 class="title-author">
						<span class="fn">
							<a href="https://wp-security.org/es/author/wp-security/" rel="author">
								WP Security Vulnerability Report							</a>
						</span>
					</h5>
					<p class="note"></p>
									</div>
			</div>
		</div>
	
	</div>

</section>


<div id="disqus_thread"></div>
	</div>

				</div>
			
	
</article>

					<div class="post-prev-next">
						<a class="link-item prev-link" href="https://wp-security.org/es/vulnerability-database/secure-community-database-reporting-guidenone/">
					<div class="link-content">
						<div class="link-label">
							<span class="link-arrow"></span><span class="link-text"> — Artículo anterior</span>
						</div>

						<h2 class="entry-title">
							Secure Community Database Reporting Guide(None)						</h2>
					</div>
				</a>
							<a class="link-item next-link" href="https://wp-security.org/es/vulnerability-database/hong-kong-security-advisory-code-embed-xsscve20262512/">
					<div class="link-content">
						<div class="link-label">
							<span class="link-text">Siguiente artículo — </span><span class="link-arrow"></span>
						</div>

						<h2 class="entry-title">
							Hong Kong Security Advisory Code Embed XSS(CVE20262512)						</h2>
					</div>
				</a>
				</div>
		<section class="post-archive archive-related">

			<div class="archive-wrap">

				
				<div class="title-block-wrap">
					<h5 class="title-block">
						También te puede gustar					</h5>
				</div>

				<div class="archive-main archive-list  archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">

					
<article class="entry-without-preview post-3750 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/protect-community-sites-from-pelicula-theme-injectioncve202632512/" rel="bookmark">Protect Community Sites from Pelicula Theme Injection(CVE202632512)</a></h2><ul class="post-meta"><li class="meta-date">marzo 22, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							PHP Object Injection in WordPress Pelicula Theme						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-763 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hk-security-bulletin-wordpress-coupon-affiliates-vulnerabilitycve202554025/" rel="bookmark">HK Security Bulletin WordPress Coupon Affiliates Vulnerability(CVE202554025)</a></h2><ul class="post-meta"><li class="meta-date">agosto 8, 2025</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							WordPress Coupon Affiliates Plugin &lt;= 6.4.0 - Settings Change Vulnerability						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-2599 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/community-advisory-sensitive-data-exposure-in-extractorcve202515508/" rel="bookmark">Community Advisory Sensitive Data Exposure in Extractor(CVE202515508)</a></h2><ul class="post-meta"><li class="meta-date">febrero 4, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							Sensitive Data Exposure in WordPress Magic Import Document Extractor Plugin						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-756 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hong-kong-wordpress-urna-theme-lfi-alertcve202554689/" rel="bookmark">Hong Kong WordPress Urna Theme LFI Alert(CVE202554689)</a></h2><ul class="post-meta"><li class="meta-date">agosto 8, 2025</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							WordPress Urna Theme &lt;= 2.5.7 - Local File Inclusion Vulnerability						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-3485 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-alert-sql-injection-wowstorecve20262579/" rel="bookmark">Hong Kong Security Alert SQL Injection WowStore(CVE20262579)</a></h2><ul class="post-meta"><li class="meta-date">marzo 17, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							SQL Injection in WordPress WowStore Plugin						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-2476 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/es/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-alert-broken-access-controlcve20249706/" rel="bookmark">Hong Kong Security Alert Broken Access Control(CVE20249706)</a></h2><ul class="post-meta"><li class="meta-date">febrero 2, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							Broken Access Control in WordPress Ultimate Coming Soon &amp; Maintenance Plugin						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>
				</div>

			</div>

		</section>
	
	
	
			
			
		</main>

		
	</div><!-- .content-area -->


						
					</div><!-- .main-content -->

					
				</div><!-- .cs-container -->

				
			</div><!-- .site-content -->

			
			
			<footer id="colophon" class="site-footer">
									<div class="footer-subscribe">
						<div class="cs-container">
							<div class="subscribe-wrap">
															</div>
						</div>
					</div>
					
				
				<div class="footer-info">

					<div class="cs-container">

						<div class="site-info">

							<div class="footer-col-info">
																	<span class="site-title footer-title" href="https://wp-security.org/es/" rel="home">
										
										<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png"  alt="WP Security" >									</span>
																										<div class="footer-copyright">
										© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.									</div>
																</div>

							
							
						</div>

					</div>

				</div>

			</footer>

			
		</div>

	</div><!-- .site-inner -->

	
</div><!-- .site -->


<template id="tp-language" data-tp-language="es_ES"></template><script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/es/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/es/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
			<a href="#top" class="pk-scroll-to-top">
				<i class="pk-icon pk-icon-up"></i>
			</a>
					<div class="pk-mobile-share-overlay">
							</div>
			
			<script type="text/javascript">
              var _paq = _paq || [];
			  _paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
              _paq.push(['trackPageView']);
              (function () {
                var u = "https://analytics2.wpmudev.com/";
                _paq.push(['setTrackerUrl', u + 'track/']);
                _paq.push(['setSiteId', '24942']);
                var d   = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
                g.type  = 'text/javascript';
                g.async = true;
                g.defer = true;
                g.src   = 'https://analytics.wpmucdn.com/matomo.js';
                s.parentNode.insertBefore(g, s);
              })();
			</script>
			<script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"key":"default","title":"Default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"key":"default","title":"Default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"key":"default","title":"Default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"key":"default","title":"Default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce">
    window.wp_kirki = {
        ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php",
        restUrl: "https://wp-security.org/es/wp-json/",
        siteUrl: "https://wp-security.org",
        apiVersion: "v1",
        postId: "3543",
        nonce: "251253a5aa",
        call_from: "",
        templateId: "",
        context: {"id":3543,"type":"post"}
    };
    </script><script id="wp-importmap" type="importmap">
{"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=efaa5193bbad9c60ffd1","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=1c371cb517a97cdbcb9f","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script id="@surecart/line-item-note-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" type="module"></script>
<script id="@surecart/checkout-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" type="module"></script>
<script id="@surecart/cart-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" type="module"></script>
<script id="@surecart/order-bumps-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" type="module"></script>
<script id="wp-script-module-data-@wordpress/interactivity" type="application/json">
{"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}}
</script>
<div id="fb-root"></div>				<script>
					window.scFetchData =
					{"root_url":"https:\/\/wp-security.org\/es\/wp-json\/","nonce":"251253a5aa","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"}				</script>
				<!-- Render the cart. --> <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-c8108a87 wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="font-size:15px;width: 525px" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-64e1162d wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="Cerrar carrito" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p class="wp-block-paragraph" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> Revisa Mi Pedido</p> <span style="font-size:14px;font-weight:600;line-height:1;border-radius:4px;padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-2e48a420 wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-92927b4a wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="margin-top:0;margin-bottom:0;aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-41c7e08e wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-53e22457 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" >&nbsp;</div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-e5460375 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4c9338fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> Eliminar </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">Usar configuración</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069;padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-768bb735 wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p class="wp-block-paragraph" style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">Sugerido para ti</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-00ae689d wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="Paginación de pedidos adicionales" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="Página anterior" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="Página siguiente" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-e99f66c5 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-e91b8ce6 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-0370e391 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280;font-size:13px;line-height:1.3" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-0cf19278 wp-block-group-is-layout-flex"> <div style="font-size:14px" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400;border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px;padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="Añadir al carrito" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-491b0754 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-0a93696a wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <p class="wp-block-paragraph" style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> Subtotal</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06 wp-block-paragraph" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">Impuestos y envío calculados en la caja</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/es/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">Pagar</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div> <!-- backdrop --> <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="Botón del carrito."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script id="wp-url-js" src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=bb0f766c3d2efe497871"></script>
<script id="wp-hooks-js" src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d"></script>
<script id="wp-i18n-js" src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
//# sourceURL=wp-i18n-js-after
</script>
<script id="wp-api-fetch-js-translations">
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2026-06-13 15:21:55+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"es"},"Could not get a valid response from the server.":["No se pudo obtener una respuesta v\u00e1lida del servidor."],"Unable to connect. Please check your Internet connection.":["No se puede conectar. Revisa tu conexi\u00f3n a Internet."],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["La subida de medios ha fallado. Si esto es una foto o una imagen grande, por favor, reduce su tama\u00f1o e int\u00e9ntalo de nuevo."],"The response is not a valid JSON response.":["Las respuesta no es una respuesta JSON v\u00e1lida."]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} );
//# sourceURL=wp-api-fetch-js-translations
</script>
<script id="wp-api-fetch-js" src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=d7efe4dc1468d36c39b8"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/es/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "251253a5aa" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
//# sourceURL=wp-api-fetch-js-after
</script>
<script id="wp-dom-ready-js" src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317"></script>
<script id="wp-a11y-js-translations">
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2026-06-13 15:21:55+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"es"},"Notifications":["Avisos"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} );
//# sourceURL=wp-a11y-js-translations
</script>
<script id="wp-a11y-js" src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e"></script>
<script id="trp-dynamic-translator-js-extra">
var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"es_ES","trp_original_language":"en_US","trp_current_language":"es_ES","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"49244390d8","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]};
//# sourceURL=trp-dynamic-translator-js-extra
</script>
<script id="trp-dynamic-translator-js" src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.2.2"></script>
<script id="powerkit-js" src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.8"></script>
<script id="swv-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.6"></script>
<script id="contact-form-7-js-translations">
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "contact-form-7", {"translation-revision-date":"2025-12-01 15:45:40+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"es"},"This contact form is placed in the wrong place.":["Este formulario de contacto est\u00e1 situado en el lugar incorrecto."],"Error:":["Error:"]}},"comment":{"reference":"includes\/js\/index.js"}} );
//# sourceURL=contact-form-7-js-translations
</script>
<script id="contact-form-7-js-before">
var wpcf7 = {
    "api": {
        "root": "https:\/\/wp-security.org\/es\/wp-json\/",
        "namespace": "contact-form-7\/v1"
    },
    "cached": 1
};
//# sourceURL=contact-form-7-js-before
</script>
<script id="contact-form-7-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.6"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
//# sourceURL=disqus_count-js-extra
</script>
<script id="disqus_count-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 7.0"},"disqusIdentifier":"3543 https://wp-security.org/uncategorized/community-alert-xss-in-json-importercve202515363/","disqusShortname":"wp-security-org","disqusTitle":"Community Alert XSS in JSON Importer(CVE202515363)","disqusUrl":"https://wp-security.org/es/vulnerability-database/community-alert-xss-in-json-importercve202515363/","postId":"3543"};
//# sourceURL=disqus_embed-js-extra
</script>
<script id="disqus_embed-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4"></script>
<script id="powerkit-basic-elements-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0"></script>
<script id="justifiedgallery-js" src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.4"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
//# sourceURL=powerkit-justified-gallery-js-extra
</script>
<script id="powerkit-justified-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.8"></script>
<script id="imagesloaded-js" src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0"></script>
<script id="glightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.8"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
//# sourceURL=powerkit-lightbox-js-extra
</script>
<script id="powerkit-lightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.8"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
//# sourceURL=powerkit-opt-in-forms-js-extra
</script>
<script id="powerkit-opt-in-forms-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.8"></script>
<script id="powerkit-pinterest-js" async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=3.0.8"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
//# sourceURL=powerkit-pin-it-js-extra
</script>
<script id="powerkit-pin-it-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.8"></script>
<script id="powerkit-scroll-to-top-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.8"></script>
<script id="powerkit-share-buttons-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.8"></script>
<script id="flickity-js" src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.4"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
//# sourceURL=powerkit-slider-gallery-js-extra
</script>
<script id="powerkit-slider-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.8"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
//# sourceURL=powerkit-table-of-contents-js-extra
</script>
<script id="powerkit-table-of-contents-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.8"></script>
<script id="magnific-popup-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1781357198"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
//# sourceURL=sight-block-script-js-extra
</script>
<script id="sight-block-script-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1781357198"></script>
<script id="colcade-js" src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.4"></script>
<script id="object-fit-images-js" src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https://wp-security.org/es/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"es_ES"};
//# sourceURL=csco-scripts-js-extra
</script>
<script id="csco-scripts-js" src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1"></script>
<script async data-wp-strategy="async" fetchpriority="low" id="comment-reply-js" src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=7.0"></script>
<script id="powerkit-facebook-sdk-js" src="https://connect.facebook.net/es_ES/sdk.js?ver=3.0.8#xfbml=1&#038;version=v17.0&#038;appId=&#038;autoLogAppEvents=1"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=7.0"}}
</script>
<script type="module">
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js
</script>
<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">Avisos</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>
        <!-- Usermaven - privacy-friendly analytics tool -->
        <script type="text/javascript">
            (function () {
                window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
                var t = document.createElement('script'),
                    s = document.getElementsByTagName('script')[0];
                t.defer = true;
                t.id = 'um-tracker';
                t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
                t.setAttribute('data-key', 'UMZaYew9Sp');
                t.setAttribute('data-autocapture', 'true');                                                t.setAttribute('data-randomize-url', 'true');
                t.src = 'https://u.wp-security.org/lib.js';
                s.parentNode.insertBefore(t, s);
            })();
        </script>
        <!-- / Usermaven -->


        
        
<nav
    class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom"
    style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw"
    role="navigation"
    aria-label="Selector de idioma del sitio web"
    data-no-translation
>
    
            <div class="trp-language-switcher-inner">
            <div class="trp-language-item trp-language-item__current" title="Spanish" role="button" tabindex="0" aria-expanded="false" aria-label="Cambiar idioma" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Spanish</span></div>
            <div
                class="trp-switcher-dropdown-list"
                id="trp-switcher-dropdown-list"
                role="group"
                aria-label="Idiomas disponibles"
                hidden
 inert
>
                                    <a href="https://wp-security.org/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a>                                    <a href="https://wp-security.org/zh/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="Chinese (Hong Kong)" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></a>                                    <a href="https://wp-security.org/zh_cn/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a>                                    <a href="https://wp-security.org/hi/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="Hindi" data-no-translation><span class="trp-language-item-name">Hindi</span></a>                                    <a href="https://wp-security.org/fr/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a>                            </div>
        </div>

    </nav>
	<script type="text/javascript">
		"use strict";

		(function($) {

			$( window ).on( 'load', function() {

				// Each All Share boxes.
				$( '.pk-share-buttons-mode-rest' ).each( function() {

					var powerkitButtonsIds = [],
						powerkitButtonsBox = $( this );

					// Check Counts.
					if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
						return;
					}

					powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
						if ( $( this ).attr( 'data-id' ).length > 0 ) {
							powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
						}
					});

					// Generate accounts data.
					var powerkitButtonsData = {};

					if( powerkitButtonsIds.length > 0 ) {
						powerkitButtonsData = {
							'ids'     : powerkitButtonsIds.join(),
							'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
							'url'     : powerkitButtonsBox.attr( 'data-share-url' ),
						};
					}

					// Get results by REST API.
					$.ajax({
						type: 'GET',
						url: 'https://wp-security.org/es/wp-json/social-share/v1/get-shares',
						data: powerkitButtonsData,
						beforeSend: function(){

							// Add Loading Class.
							powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
						},
						success: function( response ) {

							if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {

								// Accounts loop.
								$.each( response, function( index, data ) {

									if ( index !== 'total_count' ) {

										// Find Bsa Item.
										var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');

										// Set Count.
										if ( data.hasOwnProperty( 'count' ) && data.count  ) {

											powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
											powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );

										} else {
											powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
										}
									}
								});

								if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
									var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );

									if ( response.total_count ) {
										powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
										powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
									}
								}
							}

							// Remove Loading Class.
							powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
						},
						error: function() {

							// Remove Loading Class.
							powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
						}
					});
				});
			});

		})(jQuery);
	</script>
	</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com

Recuperados 10910 objetos (1 MB) de Redis usando PhpRedis (v6.3.0).
-->