{"id":3127,"date":"2024-03-07T19:45:08","date_gmt":"2024-03-07T19:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/"},"modified":"2024-03-07T19:45:08","modified_gmt":"2024-03-07T19:45:08","slug":"orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/","title":{"rendered":"Orbit Fox by ThemeIsle <= 2.10.32 – Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro"},"content":{"rendered":"
La vulnerabilidad CVE-2024-2126 en el plugin Orbit Fox by ThemeIsle para WordPress permite a atacantes autenticados con acceso de nivel contribuidor y superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina infectada.<\/div>\n

<\/p>\n

La vulnerabilidad de Cross-Site Scripting almacenada en el widget de Formulario de Registro en todas las versiones hasta la 2.10.32 del plugin Orbit Fox se debe a la insuficiente sanitizaci\u00f3n de la entrada y escapado de la salida. Esto brinda a los atacantes autenticados la posibilidad de inyectar scripts web maliciosos, lo que puede resultar en la ejecuci\u00f3n de c\u00f3digo no deseado en el navegador de los usuarios. Para mitigar este riesgo, se recomienda actualizar el plugin Orbit Fox a la \u00faltima versi\u00f3n disponible y monitorear regularmente las p\u00e1ginas del sitio web en busca de actividad maliciosa.<\/div>\n
Es fundamental que los usuarios de WordPress se mantengan al tanto de las actualizaciones de seguridad y tomen medidas proactivas para proteger sus sitios web. Al abordar las vulnerabilidades como la identificada en Orbit Fox by ThemeIsle, se puede reducir significativamente el riesgo de ataques de Cross-Site Scripting y otros vectores de amenazas.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-2126 en el plugin Orbit Fox by ThemeIsle para WordPress permite a atacantes autenticados con acceso de nivel contribuidor y superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina infectada. La vulnerabilidad de Cross-Site Scripting almacenada en el widget de Formulario de Registro en todas […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[840],"class_list":["post-3127","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2126"],"yoast_head":"\nOrbit Fox by ThemeIsle <= 2.10.32 - Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Orbit Fox by ThemeIsle <= 2.10.32 - Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-2126 en el plugin Orbit Fox by ThemeIsle para WordPress permite a atacantes autenticados con acceso de nivel contribuidor y superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina infectada. La vulnerabilidad de Cross-Site Scripting almacenada en el widget de Formulario de Registro en todas […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-07T19:45:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/\",\"url\":\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/\",\"name\":\"Orbit Fox by ThemeIsle <= 2.10.32 - Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-07T19:45:08+00:00\",\"dateModified\":\"2024-03-07T19:45:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Orbit Fox by ThemeIsle <= 2.10.32 – Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Orbit Fox by ThemeIsle <= 2.10.32 - Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/","og_locale":"en_US","og_type":"article","og_title":"Orbit Fox by ThemeIsle <= 2.10.32 - Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-2126 en el plugin Orbit Fox by ThemeIsle para WordPress permite a atacantes autenticados con acceso de nivel contribuidor y superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina infectada. La vulnerabilidad de Cross-Site Scripting almacenada en el widget de Formulario de Registro en todas […]","og_url":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-07T19:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/","url":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/","name":"Orbit Fox by ThemeIsle <= 2.10.32 - Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-07T19:45:08+00:00","dateModified":"2024-03-07T19:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/orbit-fox-by-themeisle-2-10-32-vulnerabilidad-de-cross-site-scripting-almacenada-autenticada-a-traves-del-widget-de-formulario-de-registro\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Orbit Fox by ThemeIsle <= 2.10.32 – Vulnerabilidad de Cross-Site Scripting almacenada autenticada a trav\u00e9s del widget de Formulario de Registro"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3127"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3127"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3127\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3127"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}