{"id":2771,"date":"2024-02-02T16:15:24","date_gmt":"2024-02-02T16:15:24","guid":{"rendered":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/"},"modified":"2024-02-02T16:15:24","modified_gmt":"2024-02-02T16:15:24","slug":"pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/","title":{"rendered":"Pagelayer &lt;= 1.7.9 &#8211; Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer"},"content":{"rendered":"<div>En este reporte de seguridad, se ha identificado una vulnerabilidad en el plugin de WordPress Page Builder: Pagelayer. Esta vulnerabilidad permite la ejecuci\u00f3n de scripts maliciosos en p\u00e1ginas espec\u00edficas a trav\u00e9s del c\u00f3digo Header\/Footer. Es importante destacar que esto solo afecta a instalaciones de WordPress que tienen habilitada la opci\u00f3n de m\u00faltiples sitios o donde se ha desactivado &#8216;unfiltered_html&#8217;.<\/div>\n<p><\/p>\n<div>La vulnerabilidad de Cross-Site Scripting almacenada en el plugin Page Builder: Pagelayer hasta la versi\u00f3n 1.7.9 permite a un atacante autenticado con acceso de administrador inyectar scripts web arbitrarios en p\u00e1ginas espec\u00edficas. Esto representa un riesgo significativo, ya que los scripts maliciosos se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina infectada. Esta vulnerabilidad es causada por una sanitizaci\u00f3n insuficiente de la entrada y un escape deficiente de la salida.<\/p>\n<p>Para mitigar este problema, los usuarios pueden realizar las siguientes acciones:<\/p>\n<p>1. Actualizar el plugin a la \u00faltima versi\u00f3n disponible para garantizar que se hayan corregido las vulnerabilidades.<br \/>\n2. Limitar el acceso de administraci\u00f3n a usuarios confiables y reducir al m\u00ednimo la cantidad de usuarios con privilegios de administrador.<br \/>\n3. Mantener siempre todas las aplicaciones, plugins y temas actualizados y utilizar soluciones de seguridad confiables.<br \/>\n4. Considerar el uso de un plugin de seguridad adicional para ayudar a monitorear e identificar posibles amenazas de seguridad.<\/p><\/div>\n<div>La vulnerabilidad de Cross-Site Scripting almacenada en el plugin Page Builder: Pagelayer representa un riesgo significativo para las instalaciones de WordPress. Es importante que los usuarios tomen medidas proactivas para garantizar la seguridad de sus sitios web. Siguiendo las soluciones mencionadas anteriormente, los usuarios pueden mitigar eficazmente esta vulnerabilidad y proteger sus sitios contra posibles ataques de Cross-Site Scripting almacenada.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>En este reporte de seguridad, se ha identificado una vulnerabilidad en el plugin de WordPress Page Builder: Pagelayer. Esta vulnerabilidad permite la ejecuci\u00f3n de scripts maliciosos en p\u00e1ginas espec\u00edficas a trav\u00e9s del c\u00f3digo Header\/Footer. Es importante destacar que esto solo afecta a instalaciones de WordPress que tienen habilitada la opci\u00f3n de m\u00faltiples sitios o donde [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[486],"class_list":["post-2771","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2023-5124"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Pagelayer &lt;= 1.7.9 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pagelayer &lt;= 1.7.9 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"En este reporte de seguridad, se ha identificado una vulnerabilidad en el plugin de WordPress Page Builder: Pagelayer. Esta vulnerabilidad permite la ejecuci\u00f3n de scripts maliciosos en p\u00e1ginas espec\u00edficas a trav\u00e9s del c\u00f3digo Header\/Footer. Es importante destacar que esto solo afecta a instalaciones de WordPress que tienen habilitada la opci\u00f3n de m\u00faltiples sitios o donde [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-02T16:15:24+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/\",\"url\":\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/\",\"name\":\"Pagelayer &lt;= 1.7.9 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-02T16:15:24+00:00\",\"dateModified\":\"2024-02-02T16:15:24+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pagelayer &lt;= 1.7.9 &#8211; Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pagelayer &lt;= 1.7.9 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/","og_locale":"en_US","og_type":"article","og_title":"Pagelayer &lt;= 1.7.9 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer - SeguridadWordPress.es","og_description":"En este reporte de seguridad, se ha identificado una vulnerabilidad en el plugin de WordPress Page Builder: Pagelayer. Esta vulnerabilidad permite la ejecuci\u00f3n de scripts maliciosos en p\u00e1ginas espec\u00edficas a trav\u00e9s del c\u00f3digo Header\/Footer. Es importante destacar que esto solo afecta a instalaciones de WordPress que tienen habilitada la opci\u00f3n de m\u00faltiples sitios o donde [&hellip;]","og_url":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-02T16:15:24+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/","url":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/","name":"Pagelayer &lt;= 1.7.9 - Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-02T16:15:24+00:00","dateModified":"2024-02-02T16:15:24+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/pagelayer-1-7-9-cross-site-scripting-almacenada-autenticada-administrador-a-traves-del-codigo-header-footer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Pagelayer &lt;= 1.7.9 &#8211; Cross-Site Scripting almacenada autenticada (Administrador+) a trav\u00e9s del c\u00f3digo Header\/Footer"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2771"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2771"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2771\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2771"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}