{"id":2880,"date":"2024-02-12T20:45:15","date_gmt":"2024-02-12T20:45:15","guid":{"rendered":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/"},"modified":"2024-02-12T20:45:15","modified_gmt":"2024-02-12T20:45:15","slug":"siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/","title":{"rendered":"SiteOrigin Widgets Bundle <= 1.58.2 – Authenticated (Contributor+) Stored Cross-Site Scripting"},"content":{"rendered":"
The stored Cross-Site Scripting (Stored XSS) vulnerability in the SiteOrigin Widgets Bundle plugin for WordPress allows authenticated attackers to inject malicious web scripts into pages, which can be dangerous for users who visit those pages.<\/div>\n

<\/p>\n

The SiteOrigin Widgets Bundle plugin up to version 1.58.2 has a stored Cross-Site Scripting vulnerability. It is caused by insufficient input sanitization and missing output escaping on the ‘features’ attribute. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into the site's pages. These scripts execute every time a user visits an affected page.<\/p>\n

To remediate this issue, users are advised to update the plugin to the latest available version. It is also important to follow good security practices, such as limiting privileged user access and regularly reviewing pages for possible malicious script injections. <\/p><\/div>\n

It is essential to take preventive measures to protect against stored Cross-Site Scripting vulnerabilities in WordPress. Updating plugins to their latest versions, implementing secure access policies and performing periodic site audits are some of the actions that can be taken to mitigate this risk.<\/div>\n","protected":false},"excerpt":{"rendered":"

The stored Cross-Site Scripting (Stored XSS) vulnerability in the SiteOrigin Widgets Bundle plugin for WordPress allows authenticated attackers to inject malicious web scripts into pages, which can be dangerous for users who visit those pages. The SiteOrigin Widgets Bundle plugin up to version 1.58.2 has a stored Cross-Site Scripting vulnerability. […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[593],"class_list":["post-2880","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1070"],"yoast_head":"\nSiteOrigin Widgets Bundle <= 1.58.2 - Cross-Site Scripting almacenada autenticada (Contributor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SiteOrigin Widgets Bundle <= 1.58.2 - Cross-Site Scripting almacenada autenticada (Contributor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad de Cross-Site Scripting almacenada (Stored XSS) en el plugin SiteOrigin Widgets Bundle para WordPress permite que atacantes autenticados inyecten scripts web maliciosos en p\u00e1ginas, lo que puede ser peligroso para los usuarios que accedan a esas p\u00e1ginas. El plugin SiteOrigin Widgets Bundle hasta la versi\u00f3n 1.58.2 presenta una vulnerabilidad de Cross-Site Scripting almacenada. 
[…]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-12T20:45:15+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/\",\"url\":\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/\",\"name\":\"SiteOrigin Widgets Bundle <= 1.58.2 - Cross-Site Scripting almacenada autenticada (Contributor+) - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-12T20:45:15+00:00\",\"dateModified\":\"2024-02-12T20:45:15+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SiteOrigin Widgets Bundle <= 1.58.2 – Cross-Site Scripting almacenada autenticada 
(Contributor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SiteOrigin Widgets Bundle <= 1.58.2 - Cross-Site Scripting almacenada autenticada (Contributor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/","og_locale":"en_US","og_type":"article","og_title":"SiteOrigin Widgets Bundle <= 1.58.2 - Cross-Site Scripting almacenada autenticada (Contributor+) - SeguridadWordPress.es","og_description":"La vulnerabilidad de Cross-Site Scripting almacenada (Stored XSS) en el plugin SiteOrigin Widgets Bundle para WordPress permite que atacantes autenticados inyecten scripts web maliciosos en p\u00e1ginas, lo que puede ser peligroso para los usuarios que accedan a esas p\u00e1ginas. El plugin SiteOrigin Widgets Bundle hasta la versi\u00f3n 1.58.2 presenta una vulnerabilidad de Cross-Site Scripting almacenada. […]","og_url":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-12T20:45:15+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/","url":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/","name":"SiteOrigin Widgets Bundle <= 1.58.2 - Cross-Site Scripting almacenada autenticada (Contributor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-12T20:45:15+00:00","dateModified":"2024-02-12T20:45:15+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-2-cross-site-scripting-almacenada-autenticada-contributor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"SiteOrigin Widgets Bundle <= 1.58.2 – Cross-Site Scripting almacenada autenticada (Contributor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2880"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2880"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2880\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2880"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}