{"id":5318,"date":"2025-11-28T20:00:00","date_gmt":"2025-11-29T01:00:00","guid":{"rendered":"https:\/\/skatox.com\/blog\/?p=5318"},"modified":"2025-11-24T15:07:53","modified_gmt":"2025-11-24T20:07:53","slug":"como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence","status":"publish","type":"post","link":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/","title":{"rendered":"How I fixed a vulnerability in my JS Archive List plugin after a Wordfence report"},"content":{"rendered":"\n<p><strong><a href=\"https:\/\/skatox.com\/blog\/jquery-archive-list-widget\/\">JS Archive List<\/a><\/strong> is a plugin I created more than a decade ago to display WordPress post archives in a cleaner, more dynamic format using JavaScript (it originally used jQuery). A few weeks ago I received an email from a group of <em>hackers<\/em> and from the <a href=\"https:\/\/www.wordfence.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wordfence<\/a> team (separate emails) informing me of a vulnerability in JS Archive List that could be used to perform SQL injections.<\/p>\n\n\n\n<p>For those who don't know it: <em>JS Archive List<\/em> takes the years and months archived in the database and lets you generate a widget or list that can be browsed without reloading the page. 
It is simple, useful and, like many old tools, had an internal part that had been frozen in time; in fact, that code comes from the original <em>fork<\/em> it is based on.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img data-dominant-color=\"485a6f\" data-has-transparency=\"false\" style=\"--dominant-color: #485a6f;\" decoding=\"async\" width=\"1024\" height=\"1024\" sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif\" alt=\"\" class=\"wp-image-5753 not-transparent\" srcset=\"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif 1024w, https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1-600x600.avif 600w, https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1-150x150.avif 150w\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">How the vulnerability in JS Archive List was discovered<\/h2>\n\n\n\n<p>A few weeks ago I received a message from Wordfence's researcher platform. They run a private program where they report vulnerabilities to developers before making them public, and they gave me a three-week deadline to release a <em>fix<\/em>.<\/p>\n\n\n\n<p>The problem was in something basic: the way the SQL query was built. The plugin received a year through the API or URL to filter the archives, but that value came <em>directly<\/em> from the database without sanitization and was inserted into the query. The result: <strong>it was possible to modify the query by sending an invalid year<\/strong>, which opened the door to SQL injections.<\/p>\n\n\n\n<p>Nothing glamorous and nothing complicated. 
But dangerous nonetheless.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Updating a decade of code to use $wpdb<\/h2>\n\n\n\n<p>The fix for the vulnerability in JS Archive List was clear: I had to update a portion of the plugin that had gone unchanged for more than ten years, adapt it to the safe functions of <code>$wpdb<\/code> and make sure that every query went through its preparation methods. This not only eliminated the SQL injection, it also laid the groundwork for future improvements to the plugin to follow good practices as well. And of course: now <strong>JS Archive List is more secure than ever<\/strong>. I must admit that I could only sit down to fix it in the last week of the deadline (life happens), but once I got into maintenance mode it went quite smoothly.<\/p>\n\n\n\n<p>Then I had to log in to the Wordfence system and announce that the problem was fixed in the latest version. Both the group of hackers and the Wordfence team reviewed it and confirmed that everything is fine to close the alert in that system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final thoughts<\/strong><\/h2>\n\n\n\n<p>This was a gentle reminder that maintaining free software means being willing to review it, update it and take care of it. If you use JS Archive List, I recommend updating to the latest version. And if you ever have to deal with security reports, take them as an opportunity to polish your code and help make the Internet a safer place for everyone.<\/p>\n\n\n\n<p>Has something similar happened to you? 
Have you discovered vulnerabilities in your own software?<br \/>I would love to read about your experiences in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>JS Archive List is a plugin I created more than a decade ago to display WordPress post archives in a cleaner format&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/\">Continue reading<span class=\"screen-reader-text\">How I fixed a vulnerability in my JS Archive List plugin after a Wordfence report<\/span><\/a><\/div>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[549,716,193,1017],"tags":[1268,1269,1272,220,614,216,1271,1267,479,1270],"class_list":["post-5318","post","type-post","status-publish","format-standard","hentry","category-desarrollo-web","category-todo-lo-relacionado-al-desarrollo-de-software","category-hacking-seguridad-informatica","category-wordpress","tag-actualizaciones","tag-desarrollo-web","tag-opensource","tag-php","tag-plugins","tag-seguridad","tag-vulnerabilidades","tag-wordfence","tag-wordpress","tag-wpdb","entry"],"yoast_head":"<!-- 
This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence - El blog de Skatox<\/title>\n<meta name=\"description\" content=\"Explico c\u00f3mo WordFence me inform\u00f3 de una vulnerabilidad en mi plugin JS Archive List, y como solucion\u00e9 el ataque mediante inyecci\u00f3n SQL\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence - El blog de Skatox\" \/>\n<meta property=\"og:url\" content=\"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/\" \/>\n<meta property=\"og:site_name\" content=\"El blog de Skatox\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ElWeblogdeSkatox\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-29T01:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Miguel Useche\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@skatox\" \/>\n<meta name=\"twitter:site\" content=\"@skatox\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito 
por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Miguel Useche\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/\"},\"author\":{\"name\":\"Miguel Useche\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#\\\/schema\\\/person\\\/e081bf33c5b0f1b0514e253cb578e1ba\"},\"headline\":\"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence\",\"datePublished\":\"2025-11-29T01:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/\"},\"wordCount\":542,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/skatox.com\\\/blog\\\/images\\\/2025\\\/11\\\/image-1.avif\",\"keywords\":[\"actualizaciones\",\"desarrollo-web\",\"opensource\",\"php\",\"plugins\",\"seguridad\",\"vulnerabilidades\",\"wordfence\",\"wordpress\",\"wpdb\"],\"articleSection\":[\"Desarrollo web\",\"Desarrollo y Programaci\u00f3n\",\"Hacking \\\/ Seguridad 
Inform\u00e1tica\",\"Wordpress\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/\",\"url\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/\",\"name\":\"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence - El blog de Skatox\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/skatox.com\\\/blog\\\/images\\\/2025\\\/11\\\/image-1.avif\",\"datePublished\":\"2025-11-29T01:00:00+00:00\",\"description\":\"Explico c\u00f3mo WordFence me inform\u00f3 de una vulnerabilidad en mi plugin JS Archive List, y como solucion\u00e9 el ataque mediante inyecci\u00f3n 
SQL\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#primaryimage\",\"url\":\"https:\\\/\\\/skatox.com\\\/blog\\\/images\\\/2025\\\/11\\\/image-1.avif\",\"contentUrl\":\"https:\\\/\\\/skatox.com\\\/blog\\\/images\\\/2025\\\/11\\\/image-1.avif\",\"width\":1024,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/2025\\\/11\\\/28\\\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/skatox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/skatox.com\\\/blog\\\/\",\"name\":\"El blog de Skatox\",\"description\":\"Compartiendo mis opiniones inform\u00e1ticas mas all\u00e1 de los 280 
caracteres\",\"publisher\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/skatox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#organization\",\"name\":\"El blog de Skatox\",\"url\":\"https:\\\/\\\/skatox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/skatox.com\\\/blog\\\/images\\\/2022\\\/03\\\/tux.png\",\"contentUrl\":\"https:\\\/\\\/skatox.com\\\/blog\\\/images\\\/2022\\\/03\\\/tux.png\",\"width\":218,\"height\":218,\"caption\":\"El blog de Skatox\"},\"image\":{\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ElWeblogdeSkatox\\\/\",\"https:\\\/\\\/x.com\\\/skatox\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/skatox\\\/\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/MiguelAngelUsecheCastro\",\"https:\\\/\\\/x.com\\\/skatox\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/#\\\/schema\\\/person\\\/e081bf33c5b0f1b0514e253cb578e1ba\",\"name\":\"Miguel Useche\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/skatox.com\\\/blog\\\/wp-content\\\/litespeed\\\/avatar\\\/aec95b02408138cb9d08288435373552.jpg?ver=1777599971\",\"url\":\"https:\\\/\\\/skatox.com\\\/blog\\\/wp-content\\\/litespeed\\\/avatar\\\/aec95b02408138cb9d08288435373552.jpg?ver=1777599971\",\"contentUrl\":\"https:\\\/\\\/skatox.com\\\/blog\\\/wp-content\\\/litespeed\\\/avatar\\\/aec95b02408138cb9d08288435373552.jpg?ver=1777599971\",\"caption\":\"Miguel 
Useche\"},\"sameAs\":[\"https:\\\/\\\/skatox.com\",\"https:\\\/\\\/x.com\\\/skatox\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence - El blog de Skatox","description":"Explico c\u00f3mo WordFence me inform\u00f3 de una vulnerabilidad en mi plugin JS Archive List, y como solucion\u00e9 el ataque mediante inyecci\u00f3n SQL","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/","og_locale":"es_ES","og_type":"article","og_title":"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence - El blog de Skatox","og_url":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/","og_site_name":"El blog de Skatox","article_publisher":"https:\/\/www.facebook.com\/ElWeblogdeSkatox\/","article_published_time":"2025-11-29T01:00:00+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif","type":"image\/jpeg"}],"author":"Miguel Useche","twitter_card":"summary_large_image","twitter_creator":"@skatox","twitter_site":"@skatox","twitter_misc":{"Escrito por":"Miguel Useche","Tiempo de lectura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#article","isPartOf":{"@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/"},"author":{"name":"Miguel 
Useche","@id":"https:\/\/skatox.com\/blog\/#\/schema\/person\/e081bf33c5b0f1b0514e253cb578e1ba"},"headline":"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence","datePublished":"2025-11-29T01:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/"},"wordCount":542,"commentCount":0,"publisher":{"@id":"https:\/\/skatox.com\/blog\/#organization"},"image":{"@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#primaryimage"},"thumbnailUrl":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif","keywords":["actualizaciones","desarrollo-web","opensource","php","plugins","seguridad","vulnerabilidades","wordfence","wordpress","wpdb"],"articleSection":["Desarrollo web","Desarrollo y Programaci\u00f3n","Hacking \/ Seguridad Inform\u00e1tica","Wordpress"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/","url":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/","name":"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence - El blog de 
Skatox","isPartOf":{"@id":"https:\/\/skatox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#primaryimage"},"image":{"@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#primaryimage"},"thumbnailUrl":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif","datePublished":"2025-11-29T01:00:00+00:00","description":"Explico c\u00f3mo WordFence me inform\u00f3 de una vulnerabilidad en mi plugin JS Archive List, y como solucion\u00e9 el ataque mediante inyecci\u00f3n SQL","breadcrumb":{"@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#primaryimage","url":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif","contentUrl":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif","width":1024,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/skatox.com\/blog\/2025\/11\/28\/como-corregi-una-vulnerabilidad-en-mi-plugin-js-archive-list-tras-un-reporte-de-wordfence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/skatox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"C\u00f3mo correg\u00ed una vulnerabilidad en mi plugin JS Archive List tras un reporte de WordFence"}]},{"@type":"WebSite","@id":"https:\/\/skatox.com\/blog\/#website","url":"https:\/\/skatox.com\/blog\/","name":"El blog de 
Skatox","description":"Compartiendo mis opiniones inform\u00e1ticas mas all\u00e1 de los 280 caracteres","publisher":{"@id":"https:\/\/skatox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/skatox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/skatox.com\/blog\/#organization","name":"El blog de Skatox","url":"https:\/\/skatox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/skatox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/skatox.com\/blog\/images\/2022\/03\/tux.png","contentUrl":"https:\/\/skatox.com\/blog\/images\/2022\/03\/tux.png","width":218,"height":218,"caption":"El blog de Skatox"},"image":{"@id":"https:\/\/skatox.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ElWeblogdeSkatox\/","https:\/\/x.com\/skatox","https:\/\/www.linkedin.com\/in\/skatox\/","https:\/\/www.youtube.com\/c\/MiguelAngelUsecheCastro","https:\/\/x.com\/skatox\/"]},{"@type":"Person","@id":"https:\/\/skatox.com\/blog\/#\/schema\/person\/e081bf33c5b0f1b0514e253cb578e1ba","name":"Miguel Useche","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/skatox.com\/blog\/wp-content\/litespeed\/avatar\/aec95b02408138cb9d08288435373552.jpg?ver=1777599971","url":"https:\/\/skatox.com\/blog\/wp-content\/litespeed\/avatar\/aec95b02408138cb9d08288435373552.jpg?ver=1777599971","contentUrl":"https:\/\/skatox.com\/blog\/wp-content\/litespeed\/avatar\/aec95b02408138cb9d08288435373552.jpg?ver=1777599971","caption":"Miguel 
Useche"},"sameAs":["https:\/\/skatox.com","https:\/\/x.com\/skatox"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":6173,"url":"https:\/\/skatox.com\/blog\/2026\/02\/23\/js-archive-li-actualizacion-seguridad\/","url_meta":{"origin":5318,"position":0},"title":"JS Archive List 6.2.0: actualizaci\u00f3n de seguridad, limpieza de i18n y m\u00e1s pruebas automatizadas","author":"Miguel Useche","date":"23 de febrero de 2026","format":false,"excerpt":"Hay actualizaciones \u201ccosm\u00e9ticas\u201d y otras de urgencia, con un enfoque en la calidad, porque resuelven problemas que surgen en producci\u00f3n. La versi\u00f3n 6.2.0 de JS Archive List se clasifica en la segunda categor\u00eda. En la secci\u00f3n de changelog de WordPress, el foco est\u00e1 clar\u00edsimo: es una actualizaci\u00f3n de seguridad y\u2026","rel":"","context":"En \u00abDesarrollo web\u00bb","block_context":{"text":"Desarrollo web","link":"https:\/\/skatox.com\/blog\/category\/todo-lo-relacionado-al-desarrollo-de-software\/desarrollo-web\/"},"img":{"alt_text":"","src":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif","width":350,"height":200,"srcset":"https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif 1x, https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif 1.5x, https:\/\/skatox.com\/blog\/images\/2025\/11\/image-1.avif 2x"},"classes":[]},{"id":4460,"url":"https:\/\/skatox.com\/blog\/2022\/06\/07\/js-archive-list-5-0\/","url_meta":{"origin":5318,"position":1},"title":"JS Archive List 5.0","author":"Miguel Useche","date":"7 de junio de 2022","format":false,"excerpt":"Luego de mas de 3 a\u00f1os sin poder dedicar tiempo a mi primer plugin de WordPress: JS Archive List. Finalmente he conseguido trabajar en \u00e9l y lanzar una nueva versi\u00f3n. La idea era actualizarlo a las \u00faltimas tecnolog\u00edas, realizar mantenimiento y correcci\u00f3n de errores. 
Nuevo nombre: JS Archive List Widget\u2026","rel":"","context":"En \u00abPlanetas\u00bb","block_context":{"text":"Planetas","link":"https:\/\/skatox.com\/blog\/category\/planetas-linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2053,"url":"https:\/\/skatox.com\/blog\/2010\/11\/26\/actualizacion-de-mi-plugin-jquery-archive-list-widget-para-wordpress\/","url_meta":{"origin":5318,"position":2},"title":"Actualizaci\u00f3n de mi plugin jQuery Archive List Widget para WordPress","author":"Miguel Useche","date":"26 de noviembre de 2010","format":false,"excerpt":"Luego de 11 meses sin prestarle atenci\u00f3n, esta semana decid\u00ed dedicarle un tiempo a mejorar este plugin de Wordpress. Me d\u00ed cuenta que ten\u00eda sugerencia por parte de algunos usuarios para agregar caracter\u00edsticas, mejorar unas existentes y otras cosas que ten\u00eda en mente. Al revisar me di cuenta de la\u2026","rel":"","context":"En \u00abDesarrollo web\u00bb","block_context":{"text":"Desarrollo web","link":"https:\/\/skatox.com\/blog\/category\/todo-lo-relacionado-al-desarrollo-de-software\/desarrollo-web\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4651,"url":"https:\/\/skatox.com\/blog\/2023\/06\/05\/js-categories-list-4-0\/","url_meta":{"origin":5318,"position":3},"title":"JS Categories List 4.0","author":"Miguel Useche","date":"5 de junio de 2023","format":false,"excerpt":"Luego de 7 a\u00f1os tuve la oportunidad de dedicarle tiempo a mi plugin JS Categories List y poder actualizarlo para que est\u00e9 al d\u00eda respecto a los est\u00e1ndares de WordPress y de la web en general. 
El plugin muestra un listado de categor\u00edas expandibles Durante este tiempo WordPress a\u00f1adi\u00f3 Gutenberg,\u2026","rel":"","context":"En \u00abDesarrollo web\u00bb","block_context":{"text":"Desarrollo web","link":"https:\/\/skatox.com\/blog\/category\/todo-lo-relacionado-al-desarrollo-de-software\/desarrollo-web\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/skatox.com\/blog\/images\/2023\/06\/screenshot-2.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":2056,"url":"https:\/\/skatox.com\/blog\/2010\/12\/07\/jquery-categories-list\/","url_meta":{"origin":5318,"position":4},"title":"jQuery Categories List","author":"Miguel Useche","date":"7 de diciembre de 2010","format":false,"excerpt":"Este es mi segundo plugin para Wordpress, creado por solicitud de varios usuarios quienes pidieron tener un plugin similar a jQuery Archive List pero para mostrar las categor\u00edas de un blog. B\u00e1sicamente es el mismo plugin a diferencia que muestra las categor\u00edas y la configuraci\u00f3n es un poco distinta. Entre\u2026","rel":"","context":"En \u00abDesarrollo web\u00bb","block_context":{"text":"Desarrollo web","link":"https:\/\/skatox.com\/blog\/category\/todo-lo-relacionado-al-desarrollo-de-software\/desarrollo-web\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3937,"url":"https:\/\/skatox.com\/blog\/2018\/11\/26\/jquery-archive-list-4-0\/","url_meta":{"origin":5318,"position":5},"title":"Liberado jQuery Archive List 4.0","author":"Miguel Useche","date":"26 de noviembre de 2018","format":false,"excerpt":"Luego de 3 a\u00f1os y medio sin realizar ning\u00fan desarrollo en mi primer plugin de WordPress: jQuery Archive List (adem\u00e1s de cumplir exactamente 8 a\u00f1os de crearlo). Pude conseguir un tiempo para actualizarlo e incluir funcionalidades pendientes. 
Lo primero en hacer fue reescribir el c\u00f3digo siguiendo las convenciones de c\u00f3digo\u2026","rel":"","context":"En \u00abDesarrollo web\u00bb","block_context":{"text":"Desarrollo web","link":"https:\/\/skatox.com\/blog\/category\/todo-lo-relacionado-al-desarrollo-de-software\/desarrollo-web\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/posts\/5318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/comments?post=5318"}],"version-history":[{"count":0,"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/posts\/5318\/revisions"}],"wp:attachment":[{"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/media?parent=5318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/categories?post=5318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skatox.com\/blog\/wp-json\/wp\/v2\/tags?post=5318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}