{"id":3219,"date":"2024-03-14T19:45:08","date_gmt":"2024-03-14T19:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/"},"modified":"2024-03-14T19:45:08","modified_gmt":"2024-03-14T19:45:08","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/","title":{"rendered":"Stored Cross-Site Scripting Vulnerability in Premium Addons for Elementor PRO <= 4.10.23"},"content":{"rendered":"
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The Premium Addons PRO plugin's lack of proper input sanitization lets attackers inject malicious scripts into web pages, which can result in unwanted code executing in users' browsers. To mitigate this risk, users are advised to update the plugin to the latest available version as soon as possible. In addition, avoid relying solely on client-side validation and implement appropriate output-escaping techniques to prevent this type of attack.<\/div>\n
Website security is fundamental to protecting the integrity of information and the privacy of users. Keeping all plugins and themes up to date, and applying secure coding practices, can significantly reduce the chances of falling victim to attacks of this kind.<\/div>\n","protected":false},"excerpt":{"rendered":"

El plugin Premium Addons PRO para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets del plugin en todas las versiones hasta, e incluyendo, la 4.10.23 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida en atributos suministrados por el usuario. Esto permite a atacantes autenticados con permisos […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[932],"class_list":["post-3219","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2399"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Premium Addons PRO para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets del plugin en todas las versiones hasta, e incluyendo, la 4.10.23 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida en atributos suministrados por el usuario. 
Esto permite a atacantes autenticados con permisos […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-14T19:45:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-14T19:45:08+00:00\",\"dateModified\":\"2024-03-14T19:45:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site 
Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23 - SeguridadWordPress.es","og_description":"El plugin Premium Addons PRO para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets del plugin en todas las versiones hasta, e incluyendo, la 4.10.23 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida en atributos suministrados por el usuario. Esto permite a atacantes autenticados con permisos […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-14T19:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/","name":"Vulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-14T19:45:08+00:00","dateModified":"2024-03-14T19:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-pro-4-10-23\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting Almacenado en Premium Addons for Elementor PRO <= 4.10.23"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3219"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3219"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3219\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3219"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}