{"id":3093,"date":"2024-03-04T20:45:09","date_gmt":"2024-03-04T20:45:09","guid":{"rendered":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/"},"modified":"2024-03-04T20:45:09","modified_gmt":"2024-03-04T20:45:09","slug":"siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/","title":{"rendered":"SiteOrigin Widgets Bundle <= 1.58.7 – Authenticated (Contributor+) Stored Cross-Site Scripting"},"content":{"rendered":"
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access or higher, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon']. To mitigate this issue, users are advised to update the plugin to the latest available version as soon as possible. In addition, a solid security policy can be implemented that includes limiting user privileges to reduce the risk of an attacker exploiting this vulnerability. It is also important to educate users about good WordPress security practices, such as not clicking on unsafe links and not trusting content from unknown sources.<\/div>\n
It is crucial to take proactive measures to protect against security vulnerabilities in WordPress and its plugins. Keeping all plugins and themes up to date, implementing solid security practices and educating users are fundamental steps to reduce the risk of successful Cross-Site Scripting attacks and other online threats.<\/div>\n","protected":false},"excerpt":{"rendered":"

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access or higher, to inject arbitrary web scripts into pages […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[806],"class_list":["post-3093","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1723"],"yoast_head_json":{"title":"SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/","og_locale":"en_US","og_type":"article","og_title":"SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting - SeguridadWordPress.es","og_description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access or higher, to inject arbitrary web scripts into pages […]","og_url":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-04T20:45:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/","url":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/","name":"SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-04T20:45:09+00:00","dateModified":"2024-03-04T20:45:09+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/siteorigin-widgets-bundle-1-58-7-cross-site-scripting-almacenado-autenticado-contributor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"SiteOrigin Widgets Bundle <= 1.58.7 – Authenticated (Contributor+) Stored Cross-Site Scripting"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3093"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3093"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3093\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3093"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}