{"id":2827,"date":"2024-02-07T18:15:59","date_gmt":"2024-02-07T18:15:59","guid":{"rendered":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/"},"modified":"2024-02-07T18:15:59","modified_gmt":"2024-02-07T18:15:59","slug":"elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/","title":{"rendered":"Elementor Addons by Livemesh <= 8.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting"},"content":{"rendered":"
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access or higher, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The Stored Cross-Site Scripting vulnerability exploits a lack of proper sanitization of user input in the custom class field of the Elementor Addons by Livemesh plugin. This means that an authenticated attacker, with contributor-level access or higher, can inject malicious JavaScript code into the custom class field, which will execute when a user accesses a page that contains the vulnerable field.<\/p>\n

To avoid this problem, users are advised to update to the latest version of the Elementor Addons by Livemesh plugin, in which this vulnerability has been fixed. In addition, it is important to follow good security practices, such as using strong passwords and limiting and controlling the access of users with different permissions within WordPress.<\/p><\/div>\n

The Stored Cross-Site Scripting vulnerability in the Elementor Addons by Livemesh plugin allows authenticated attackers to inject malicious JavaScript code into WordPress pages. To protect themselves, users should update to the latest version of the plugin and follow good WordPress security practices.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access or higher, to inject web scripts […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[542],"class_list":["post-2827","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1235"],"yoast_head":"\nElementor Addons by Livemesh <= 8.3.2 - Cross-Site Scripting Almacenado Autenticado (Contribuyente+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Elementor Addons by Livemesh <= 8.3.2 - Cross-Site Scripting Almacenado Autenticado (Contribuyente+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El complemento Elementor Addons by Livemesh para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del campo custom class en todas las versiones hasta, e incluyendo, la versi\u00f3n 8.3.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. 
Esto permite a atacantes autenticados, con acceso de contribuyente o superior, inyectar scripts web […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-07T18:15:59+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/\",\"url\":\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/\",\"name\":\"Elementor Addons by Livemesh <= 8.3.2 - Cross-Site Scripting Almacenado Autenticado (Contribuyente+) - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-07T18:15:59+00:00\",\"dateModified\":\"2024-02-07T18:15:59+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Elementor Addons by Livemesh <= 8.3.2 – Cross-Site Scripting Almacenado Autenticado (Contribuyente+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Elementor Addons by Livemesh <= 8.3.2 - Cross-Site Scripting Almacenado Autenticado (Contribuyente+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/","og_locale":"en_US","og_type":"article","og_title":"Elementor Addons by Livemesh <= 8.3.2 - Cross-Site Scripting Almacenado Autenticado (Contribuyente+) - SeguridadWordPress.es","og_description":"El complemento Elementor Addons by Livemesh para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del campo custom class en todas las versiones hasta, e incluyendo, la versi\u00f3n 8.3.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto permite a atacantes autenticados, con acceso de contribuyente o superior, inyectar scripts web […]","og_url":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-07T18:15:59+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/","url":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/","name":"Elementor Addons by Livemesh <= 8.3.2 - Cross-Site Scripting Almacenado Autenticado (Contribuyente+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-07T18:15:59+00:00","dateModified":"2024-02-07T18:15:59+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-2-cross-site-scripting-almacenado-autenticado-contribuyente\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Elementor Addons by Livemesh <= 8.3.2 – Cross-Site Scripting Almacenado Autenticado (Contribuyente+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2827"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2827"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2827\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2827"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}