{"id":3205,"date":"2024-03-13T18:45:36","date_gmt":"2024-03-13T18:45:36","guid":{"rendered":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/"},"modified":"2024-03-13T18:45:36","modified_gmt":"2024-03-13T18:45:36","slug":"elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/","title":{"rendered":"Elementor Addons by Livemesh <= 8.3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via the Posts Carousel Widget"},"content":{"rendered":"
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

Affected users should update to the latest version of the plugin as soon as possible to mitigate this security issue. In addition, it is recommended to avoid granting contributor-level or higher permissions to untrusted users to reduce the risk of exploitation. Users are also advised to regularly review security updates for their installed plugins and to apply security patches as soon as they become available.<\/div>\n
It is essential to take proactive measures to protect against security vulnerabilities such as this one in the Elementor Addons by Livemesh plugin. By following the recommendations above, users can reduce the risk of stored Cross-Site Scripting attacks and keep their WordPress sites secure.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with access at […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[918],"class_list":["post-3205","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1465"],"yoast_head_json":{"title":"Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via the Posts Carousel Widget - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/","og_locale":"en_US","og_type":"article","og_title":"Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via the Posts Carousel Widget - SeguridadWordPress.es","og_description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with access at […]","og_url":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-13T18:45:36+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/","url":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/","name":"Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via the Posts Carousel Widget - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-13T18:45:36+00:00","dateModified":"2024-03-13T18:45:36+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/elementor-addons-by-livemesh-8-3-4-cross-site-scripting-stored-con-autenticacion-contributor-a-traves-del-widget-de-carrusel-de-publicaciones\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Elementor Addons by Livemesh <= 8.3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via the Posts Carousel Widget"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Collection of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3205"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3205"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3205\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3205"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}