{"id":3172,"date":"2024-03-12T09:45:32","date_gmt":"2024-03-12T09:45:32","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/"},"modified":"2024-03-12T09:45:32","modified_gmt":"2024-03-12T09:45:32","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/","title":{"rendered":"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0"},"content":{"rendered":"
La vulnerabilidad CVE-2024-2286 en el complemento Sky Addons for Elementor para WordPress permite a atacantes autenticados con permisos de contribuidor o superiores inyectar scripts web arbitrarios en p\u00e1ginas, lo que puede comprometer la seguridad de los usuarios.<\/div>\n

<\/p>\n

La versi\u00f3n 2.4.0 y anteriores del complemento Sky Addons for Elementor para WordPress son vulnerables a Cross-site scripting almacenado a trav\u00e9s del valor de la URL del enlace de envoltura debido a una sanitizaci\u00f3n insuficiente de la entrada y falta de escapado de la salida en atributos proporcionados por el usuario. Esto significa que un atacante autenticado puede inyectar scripts web maliciosos en las p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a dicha p\u00e1gina inyectada.<\/div>\n
Se recomienda a los usuarios actualizar a la versi\u00f3n m\u00e1s reciente del complemento Sky Addons for Elementor para corregir esta vulnerabilidad. Adem\u00e1s, se sugiere ser cauteloso al hacer clic en enlaces desconocidos y supervisar regularmente las actualizaciones de seguridad en los complementos de WordPress para protegerse contra este tipo de ataques.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-2286 en el complemento Sky Addons for Elementor para WordPress permite a atacantes autenticados con permisos de contribuidor o superiores inyectar scripts web arbitrarios en p\u00e1ginas, lo que puede comprometer la seguridad de los usuarios. La versi\u00f3n 2.4.0 y anteriores del complemento Sky Addons for Elementor para WordPress son vulnerables a Cross-site scripting […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[885],"class_list":["post-3172","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2286"],"yoast_head":"\nVulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-2286 en el complemento Sky Addons for Elementor para WordPress permite a atacantes autenticados con permisos de contribuidor o superiores inyectar scripts web arbitrarios en p\u00e1ginas, lo que puede comprometer la seguridad de los usuarios. La versi\u00f3n 2.4.0 y anteriores del complemento Sky Addons for Elementor para WordPress son vulnerables a Cross-site scripting […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-12T09:45:32+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/\",\"name\":\"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-12T09:45:32+00:00\",\"dateModified\":\"2024-03-12T09:45:32+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0 - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-2286 en el complemento Sky Addons for Elementor para WordPress permite a atacantes autenticados con permisos de contribuidor o superiores inyectar scripts web arbitrarios en p\u00e1ginas, lo que puede comprometer la seguridad de los usuarios. La versi\u00f3n 2.4.0 y anteriores del complemento Sky Addons for Elementor para WordPress son vulnerables a Cross-site scripting […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-12T09:45:32+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/","name":"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-12T09:45:32+00:00","dateModified":"2024-03-12T09:45:32+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-sky-addons-for-elementor-2-4-0\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-site scripting almacenado en Sky Addons for Elementor <= 2.4.0"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3172"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3172"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3172\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3172"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}