{"id":2888,"date":"2024-02-13T22:45:15","date_gmt":"2024-02-13T22:45:15","guid":{"rendered":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/"},"modified":"2024-02-13T22:45:15","modified_gmt":"2024-02-13T22:45:15","slug":"happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/","title":{"rendered":"Happy Addons for Elementor <= 3.10.1 – Authenticated (Contributor+) Stored Cross-Site Scripting (XSS)"},"content":{"rendered":"
The Happy Addons for Elementor plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) via the wrapper link parameter in the age gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The stored Cross-Site Scripting vulnerability in the Happy Addons for Elementor plugin allows an authenticated attacker with contributor privileges or higher to inject web script code into pages, which runs automatically when users access them. This could allow the attacker to carry out malicious actions, such as stealing confidential information or redirecting users to malicious websites.<\/p>\n

To mitigate this risk, users are advised to take the following measures:<\/p>\n

1. Update the plugin to the latest available version.
\n2. Verify the source and reputation of plugins before installing them.
\n3. Continuously monitor security updates and patches for installed plugins.
\n4. Limit WordPress user privileges to those strictly necessary.<\/p><\/div>\n

The stored Cross-Site Scripting vulnerability in the Happy Addons for Elementor plugin puts the security of WordPress users at risk. It is important to take preventive measures, such as keeping all plugins up to date and limiting user privileges, to mitigate this risk and protect the integrity of websites.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Happy Addons for Elementor plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) via the wrapper link parameter in the age gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This allows authenticated attackers with access as […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[601],"class_list":["post-2888","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0438"],"yoast_head":"\nHappy Addons for Elementor <= 3.10.1 - Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Happy Addons for Elementor <= 3.10.1 - Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El complemento Happy Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting (XSS) almacenado a trav\u00e9s del par\u00e1metro de enlace envolvente en la puerta de edad en todas las versiones hasta, e incluyendo, la 3.10.1 debido a una sanitizaci\u00f3n insuficiente de entradas y escape de salida. 
Esto permite a atacantes autenticados con acceso como […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-13T22:45:15+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/\",\"url\":\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/\",\"name\":\"Happy Addons for Elementor <= 3.10.1 - Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+) - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-13T22:45:15+00:00\",\"dateModified\":\"2024-02-13T22:45:15+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Happy Addons for 
Elementor <= 3.10.1 – Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Happy Addons for Elementor <= 3.10.1 - Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/","og_locale":"en_US","og_type":"article","og_title":"Happy Addons for Elementor <= 3.10.1 - Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+) - SeguridadWordPress.es","og_description":"El complemento Happy Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting (XSS) almacenado a trav\u00e9s del par\u00e1metro de enlace envolvente en la puerta de edad en todas las versiones hasta, e incluyendo, la 3.10.1 debido a una sanitizaci\u00f3n insuficiente de entradas y escape de salida. Esto permite a atacantes autenticados con acceso como […]","og_url":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-13T22:45:15+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/","url":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/","name":"Happy Addons for Elementor <= 3.10.1 - Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-13T22:45:15+00:00","dateModified":"2024-02-13T22:45:15+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/happy-addons-for-elementor-3-10-1-cross-site-scripting-xss-almacenado-autenticado-contributor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Happy Addons for Elementor <= 3.10.1 – Cross-Site Scripting (XSS) Almacenado Autenticado (Contributor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2888"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2888"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2888\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2888"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}