[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFRLr_pqGywDpobXqWMV2E-mshGAApWHD5WcsnFWFQSQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":60,"crawl_stats":36,"alternatives":66,"analysis":88,"fingerprints":191},"mantenimiento-web","Mantenimiento web","0.14","cdoral","https:\u002F\u002Fprofiles.wordpress.org\u002Fcdoral\u002F","\u003Cp>\u003Cstrong>NUEVO:\u003C\u002Fstrong> Ahora se incluyen plantillas animadas.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Para más información sobre \u003Ca href=\"https:\u002F\u002Fwebartesanal.com\u002Fmantenimiento-web-wordpress\u002F\" rel=\"nofollow ugc\">mantenimiento web de sitios WordPress\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Características del plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Poner tu página en construcción para que ningún visitante pueda ver el contenido real.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Agradecimientos a \u003Ca href=\"https:\u002F\u002Fbrm.io\u002Fmatter-js\u002F\" rel=\"nofollow ugc\">BRM.IO\u003C\u002Fa> por su magnífica librería de física.\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Si al activar o desactivar el modo mantenimiento del plugin tu sitio no aplica los cambios es muy posible que se deba a que tienes un plugin de caché. Borra la caché del plugin y todo debería funcionar correctamente. 
También es posible que tengas que borrar la caché de tu navegador.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwebartesanal.com\u002Fservicio-mantenimiento-wordpress\u002F\" rel=\"nofollow ugc\">Si necesitas un servicio de mantenimiento web WordPress contacta con nosotros\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Este plugin permite poner tu página en modo mantenimiento con el típico mensaje \"Página en construcción\" o \"Página en mantenimiento&quo &hellip;",20000,295415,100,5,"2025-10-08T09:08:00.000Z","6.8.5","3.5","",[4,20,21,22],"mantenimiento-wordpress","modo-mantenimiento","pagina-en-construccion","https:\u002F\u002Fwebartesanal.com\u002Fmantenimiento-web\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmantenimiento-web.zip",99,2,0,"2022-10-31 15:54:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2022-38075","mantenimiento-web-cross-site-request-forgery","Mantenimiento web \u003C= 0.8 - Cross-Site Request Forgery","The Mantenimiento web plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the vista_configuracion() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.   
While the official CVE record indicates this was present in versions up to 0.13, we found that this functionality was only vulnerable up to version 0.9. Note that this entry's own affected range (up to and including 0.8, patched in 0.9) does not match that last figure, so confirm the exact boundary against the referenced advisory.",null,"\u003C=0.8","0.9","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc950ac0a-80fb-4f95-ba20-afb8ba6b137f?source=api-prod",448,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":6,"severity":39,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":43,"references":57,"days_to_patch":59},"CVE-2022-41980","mantenimiento-web-authenticated-administrator-stored-cross-site-scripting","Mantenimiento web \u003C= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Mantenimiento web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.13 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=0.13",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-10-20 00:00:00",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faefb7e34-ec48-4e29-b3aa-85901e12d21c?source=api-prod",460,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":13,"avg_patch_time_days":63,"trust_score":64,"computed_at":65},3,40010,454,79,"2026-04-04T14:19:24.375Z",[67],{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":13,"downloaded":75,"rating":13,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":18,"tags":80,"homepage":85,"download_link":86,"security_score":87,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"web-en-construccion-indianwebs","Web en construccion IndianWebs","1.0","IndianWebs","https:\u002F\u002Fprofiles.wordpress.org\u002Findianwebs\u002F","\u003Cp>Pon un mensaje de web en construcción en tu sitio web.\u003C\u002Fp>\n","Pon un mensaje de web en construcción en tu sitio 
web.",19227,1,"2020-09-16T09:54:00.000Z","5.5.18","3.2",[81,22,82,83,84],"coming-soon-page","pagina-en-matenimiento","under-construction-page","web-en-construccion","http:\u002F\u002Findianwebs.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-en-construccion-indianwebs.1.1.1.zip",85,{"attackSurface":89,"codeSignals":106,"taintFlows":174,"riskAssessment":175,"analyzedAt":190},{"hooks":90,"ajaxHandlers":102,"restRoutes":103,"shortcodes":104,"cronEvents":105,"entryPointCount":27,"unprotectedCount":27},[91,98],{"type":92,"name":93,"callback":94,"priority":95,"file":96,"line":97},"action","template_include","cdp_mweb_dibujar_landing",999999,"mantenimiento-web.php",58,{"type":92,"name":99,"callback":100,"file":96,"line":101},"admin_menu","cdp_mweb_admin_init",59,[],[],[],[],{"dangerousFunctions":107,"sqlUsage":108,"outputEscaping":110,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":169},[],{"prepared":27,"raw":27,"locations":109},[],{"escaped":111,"rawEcho":112,"locations":113},4,29,[114,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,150,152,154,155,157,158,160,161,162,163,165,167],{"file":115,"line":112,"context":116},"frontal\\index.php","raw 
output",{"file":115,"line":118,"context":116},36,{"file":115,"line":120,"context":116},38,{"file":115,"line":122,"context":116},39,{"file":115,"line":124,"context":116},41,{"file":115,"line":126,"context":116},42,{"file":115,"line":128,"context":116},44,{"file":115,"line":130,"context":116},45,{"file":115,"line":132,"context":116},46,{"file":115,"line":134,"context":116},47,{"file":115,"line":136,"context":116},70,{"file":115,"line":138,"context":116},90,{"file":115,"line":140,"context":116},109,{"file":115,"line":142,"context":116},128,{"file":115,"line":144,"context":116},191,{"file":115,"line":146,"context":116},195,{"file":148,"line":149,"context":116},"frontal-fx\\index.php",28,{"file":148,"line":151,"context":116},35,{"file":148,"line":153,"context":116},37,{"file":148,"line":120,"context":116},{"file":148,"line":156,"context":116},40,{"file":148,"line":124,"context":116},{"file":148,"line":159,"context":116},43,{"file":148,"line":128,"context":116},{"file":148,"line":130,"context":116},{"file":148,"line":132,"context":116},{"file":148,"line":164,"context":116},50,{"file":148,"line":166,"context":116},56,{"file":148,"line":168,"context":116},80,[170],{"name":171,"version":172,"knownCves":173},"jQuery","1.7.1",[],[],{"summary":176,"deductions":177},"The plugin \"mantenimiento-web\" v0.14 exhibits a mixed security posture. On the positive side, the static analysis indicates no identified dangerous functions, file operations, external HTTP requests, or vulnerabilities through taint analysis. No SQL queries were identified at all (zero prepared and zero raw), so there is no raw-SQL exposure to report. However, a significant concern is the extremely low percentage of properly escaped output (12%), suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's vulnerability history. 
No capability checks or nonce checks were identified, and the attack surface is reported as zero entry points even though the same analysis lists template_include and admin_menu hooks. This could indicate an incomplete analysis or a design that relies entirely on WordPress core for security, which is not always sufficient; because the earlier CSRF issue was missing or incorrect nonce validation on the plugin's settings function, the zero nonce count should be verified manually against the settings-save code.\n\nThe vulnerability history reveals two medium-severity CVEs, one Cross-Site Request Forgery (CSRF) and one Cross-Site Scripting (XSS). Both are patched in the current version, which is good, but the pattern of these vulnerability types, combined with the low output-escaping rate found by static analysis, strongly points to an ongoing risk of XSS. The outdated bundled library, jQuery v1.7.1, also poses a potential risk from known vulnerabilities that the provided analysis may not have detected.\n\nIn conclusion, while the plugin avoids some common pitfalls like raw SQL and dangerous functions, the severe lack of output escaping is a major weakness. This, coupled with the history of XSS and CSRF vulnerabilities and the outdated bundled library, means the plugin's security is not robust. 
Developers should prioritize addressing the output escaping issues and consider updating bundled libraries to mitigate identified risks.",[178,181,183,186,188],{"reason":179,"points":180},"Low output escaping percentage (12%)",8,{"reason":182,"points":111},"Bundled outdated library: jQuery v1.7.1",{"reason":184,"points":185},"History of 2 medium severity CVEs (CSRF, XSS)",10,{"reason":187,"points":14},"Zero capability checks",{"reason":189,"points":14},"Zero nonce checks","2026-03-16T17:27:19.782Z",{"wat":192,"direct":201},{"assetPaths":193,"generatorPatterns":196,"scriptPaths":197,"versionParams":198},[194,195],"\u002Fwp-content\u002Fplugins\u002Fmantenimiento-web\u002Fcss\u002Fmantenimiento-web.css","\u002Fwp-content\u002Fplugins\u002Fmantenimiento-web\u002Fjs\u002Fmantenimiento-web.js",[],[195],[199,200],"mantenimiento-web\u002Fcss\u002Fmantenimiento-web.css?ver=","mantenimiento-web\u002Fjs\u002Fmantenimiento-web.js?ver=",{"cssClasses":202,"htmlComments":209,"htmlAttributes":211,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":214},[203,204,205,206,207,208],"cdp-contenedor-ppal","cdp-contenido","cdp-texto","fondo1","fondo2","fondo3",[210],"\u003C!-- cdp_mantenimiento_web -->",[],[],[],[]]