{"id":3034,"date":"2024-02-28T15:45:38","date_gmt":"2024-02-28T15:45:38","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/"},"modified":"2024-02-28T15:45:38","modified_gmt":"2024-02-28T15:45:38","slug":"vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting en Beaver Builder – WordPress Page Builder <= 2.7.4.2"},"content":{"rendered":"
La vulnerabilidad CVE-2024-1074 afecta al plugin Beaver Builder – WordPress Page Builder en versiones hasta 2.7.4.2, permitiendo a atacantes autenticados realizar Cross-Site Scripting a trav\u00e9s del par\u00e1metro ‘link_url’ del widget de audio.<\/div>\n

<\/p>\n

Se ha identificado que la falta de sanitizaci\u00f3n de entradas y escape de salidas en el plugin Beaver Builder – WordPress Page Builder permite a atacantes autenticados con acceso de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas, los cuales se ejecutar\u00e1n cada vez que un usuario acceda a la p\u00e1gina inyectada. Esta vulnerabilidad puede conducir a la ejecuci\u00f3n de c\u00f3digo malicioso en el navegador de los usuarios, comprometiendo la seguridad del sitio web.<\/div>\n
Para mitigar esta vulnerabilidad, se recomienda a los usuarios actualizar el plugin Beaver Builder – WordPress Page Builder a la \u00faltima versi\u00f3n disponible lo antes posible. Adem\u00e1s, se sugiere restringir los permisos de los usuarios para limitar la posibilidad de explotar esta vulnerabilidad en caso de que no se pueda actualizar inmediatamente.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-1074 afecta al plugin Beaver Builder – WordPress Page Builder en versiones hasta 2.7.4.2, permitiendo a atacantes autenticados realizar Cross-Site Scripting a trav\u00e9s del par\u00e1metro ‘link_url’ del widget de audio. Se ha identificado que la falta de sanitizaci\u00f3n de entradas y escape de salidas en el plugin Beaver Builder – WordPress Page Builder […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[747],"class_list":["post-3034","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1074"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en Beaver Builder - WordPress Page Builder <= 2.7.4.2 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en Beaver Builder - WordPress Page Builder <= 2.7.4.2 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-1074 afecta al plugin Beaver Builder – WordPress Page Builder en versiones hasta 2.7.4.2, permitiendo a atacantes autenticados realizar Cross-Site Scripting a trav\u00e9s del par\u00e1metro ‘link_url’ del widget de audio. Se ha identificado que la falta de sanitizaci\u00f3n de entradas y escape de salidas en el plugin Beaver Builder – WordPress Page Builder […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-28T15:45:38+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en Beaver Builder - WordPress Page Builder <= 2.7.4.2 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-28T15:45:38+00:00\",\"dateModified\":\"2024-02-28T15:45:38+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en Beaver Builder – WordPress Page Builder <= 2.7.4.2\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en Beaver Builder - WordPress Page Builder <= 2.7.4.2 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en Beaver Builder - WordPress Page Builder <= 2.7.4.2 - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-1074 afecta al plugin Beaver Builder – WordPress Page Builder en versiones hasta 2.7.4.2, permitiendo a atacantes autenticados realizar Cross-Site Scripting a trav\u00e9s del par\u00e1metro ‘link_url’ del widget de audio. Se ha identificado que la falta de sanitizaci\u00f3n de entradas y escape de salidas en el plugin Beaver Builder – WordPress Page Builder […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-28T15:45:38+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/","name":"Vulnerabilidad de Cross-Site Scripting en Beaver Builder - WordPress Page Builder <= 2.7.4.2 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-28T15:45:38+00:00","dateModified":"2024-02-28T15:45:38+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-beaver-builder-wordpress-page-builder-2-7-4-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en Beaver Builder – WordPress Page Builder <= 2.7.4.2"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3034"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3034"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3034\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3034"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}