{"id":3134,"date":"2024-03-07T21:45:12","date_gmt":"2024-03-07T21:45:12","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/"},"modified":"2024-03-07T21:45:12","modified_gmt":"2024-03-07T21:45:12","slug":"vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/","title":{"rendered":"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget"},"content":{"rendered":"
The CVE-2024-1997 vulnerability in the Premium Addons PRO plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page.<\/div>\n

<\/p>\n

The Cross-Site Scripting (XSS) vulnerability in the Premium Addons PRO plugin up to version 2.9.12 is due to insufficient input sanitization and output escaping on the ‘premium_fbchat_app_id’ parameter of the Messenger Chat Widget. To mitigate this risk, users are advised to update the plugin to the latest available version as soon as possible. It is also suggested to implement additional security measures, such as restricting user access levels, to reduce the possibility of the vulnerability being exploited.<\/div>\n
It is essential for a website's security to keep all plugins and themes up to date and to follow good security practices, such as limiting user permissions and performing periodic security audits to identify possible vulnerabilities.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-1997 vulnerability in the Premium Addons PRO plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page. The Cross-Site Scripting (XSS) vulnerability in the Premium Addons PRO plugin up to version 2.9.12 […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[847],"class_list":["post-3134","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1997"],"yoast_head":"\nCross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"The CVE-2024-1997 vulnerability in the Premium Addons PRO plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page. 
The Cross-Site Scripting (XSS) vulnerability in the Premium Addons PRO plugin up to version 2.9.12 […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-07T21:45:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/\",\"name\":\"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-07T21:45:12+00:00\",\"dateModified\":\"2024-03-07T21:45:12+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Collection of WordPress vulnerabilities.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/","og_locale":"en_US","og_type":"article","og_title":"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget - SeguridadWordPress.es","og_description":"The CVE-2024-1997 vulnerability in the Premium Addons PRO plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page. The Cross-Site Scripting (XSS) vulnerability in the Premium Addons PRO plugin up to version 2.9.12 […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-07T21:45:12+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/","name":"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-07T21:45:12+00:00","dateModified":"2024-03-07T21:45:12+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-xss-en-premium-addons-pro-2-9-12-a-traves-del-widget-del-chat-de-messenger\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Cross-Site Scripting (XSS) Vulnerability in Premium Addons PRO <= 2.9.12 via the Messenger Chat Widget"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Collection of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3134"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3134"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3134\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3134"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}