{"id":3225,"date":"2024-03-15T15:45:20","date_gmt":"2024-03-15T15:45:20","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/"},"modified":"2024-03-15T15:45:20","modified_gmt":"2024-03-15T15:45:20","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion"},"content":{"rendered":"<div>La vulnerabilidad CVE-2024-2042, tambi\u00e9n conocida como Cross-Site Scripting (XSS), afecta al plugin ElementsKit Elementor addons para WordPress en versiones hasta la 3.0.5. Esta vulnerabilidad permite a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida.<\/div>\n<p><\/p>\n<div>La vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 se debe a una insuficiente sanitizaci\u00f3n de la entrada y escape de la salida en el widget Image Accordion. Esto significa que los atacantes autenticados pueden explotar esta vulnerabilidad para ejecutar scripts maliciosos en p\u00e1ginas web. Para mitigar este riesgo, se recomienda no utilizar el widget afectado hasta que se publique una actualizaci\u00f3n de seguridad que corrija esta vulnerabilidad.<\/div>\n<div>Es crucial que los usuarios de ElementsKit Elementor addons &lt;= 3.0.5 est\u00e9n al tanto de esta vulnerabilidad y tomen medidas para proteger sus sitios de posibles ataques de Cross-Site Scripting. Mantener el plugin actualizado y no utilizar el widget Image Accordion afectado puede ayudar a reducir el riesgo de explotaci\u00f3n de esta vulnerabilidad.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>La vulnerabilidad CVE-2024-2042, tambi\u00e9n conocida como Cross-Site Scripting (XSS), afecta al plugin ElementsKit Elementor addons para WordPress en versiones hasta la 3.0.5. Esta vulnerabilidad permite a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida. La vulnerabilidad de Cross-Site [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[938],"class_list":["post-3225","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2042"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-2042, tambi\u00e9n conocida como Cross-Site Scripting (XSS), afecta al plugin ElementsKit Elementor addons para WordPress en versiones hasta la 3.0.5. Esta vulnerabilidad permite a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida. La vulnerabilidad de Cross-Site [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-15T15:45:20+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-03-15T15:45:20+00:00\",\"dateModified\":\"2024-03-15T15:45:20+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-2042, tambi\u00e9n conocida como Cross-Site Scripting (XSS), afecta al plugin ElementsKit Elementor addons para WordPress en versiones hasta la 3.0.5. Esta vulnerabilidad permite a atacantes autenticados con nivel de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida. La vulnerabilidad de Cross-Site [&hellip;]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-15T15:45:20+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-15T15:45:20+00:00","dateModified":"2024-03-15T15:45:20+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-elementskit-elementor-addons-3-0-5-a-traves-del-widget-image-accordion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en ElementsKit Elementor addons &lt;= 3.0.5 a trav\u00e9s del widget Image Accordion"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3225"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3225"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3225\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3225"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}