{"id":3388,"date":"2024-03-29T18:45:45","date_gmt":"2024-03-29T18:45:45","guid":{"rendered":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/"},"modified":"2024-03-29T18:45:45","modified_gmt":"2024-03-29T18:45:45","slug":"ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/","title":{"rendered":"Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 – Authenticated Stored Cross-Site Scripting via the Heading Widget"},"content":{"rendered":"
The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPress is vulnerable to stored Cross-Site Scripting via the heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The stored Cross-Site Scripting vulnerability in the Ultimate Addons for Beaver Builder \u2013 Lite plugin can be exploited by authenticated attackers to carry out session hijacking, session cookie theft, or other malicious actions. To mitigate this issue, users are advised to update to version 1.5.8 or later of the plugin as soon as it is available. It is also advisable not to grant contributor-level or higher access to untrusted users, to reduce the risk of exploitation.<\/div>\n
It is essential that users keep their WordPress plugins up to date and follow good security practices, such as limiting user privileges and always verifying the security of the extensions they install on their sites. Taking proactive measures against known vulnerabilities can significantly reduce the risk of attacks through them in the future.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPress is vulnerable to stored Cross-Site Scripting via the heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1099],"class_list":["post-3388","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2143"],"yoast_head_json":{"title":"Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Cross-Site Scripting almacenado autenticado a trav\u00e9s del widget de encabezado - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/","og_locale":"en_US","og_type":"article","og_title":"Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Cross-Site Scripting almacenado autenticado a trav\u00e9s del widget de encabezado - SeguridadWordPress.es","og_description":"El plugin Ultimate Addons for Beaver Builder \u2013 Lite para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del widget de encabezado en todas las versiones hasta, e incluyendo, la 1.5.7 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de salida. Esto permite que atacantes autenticados, con acceso de nivel de contribuidor […]","og_url":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-03-29T18:45:45+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/","url":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/","name":"Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Cross-Site Scripting almacenado autenticado a trav\u00e9s del widget de encabezado - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-03-29T18:45:45+00:00","dateModified":"2024-03-29T18:45:45+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/ultimate-addons-for-beaver-builder-lite-1-5-7-cross-site-scripting-almacenado-autenticado-a-traves-del-widget-de-encabezado\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 – Cross-Site Scripting almacenado autenticado a trav\u00e9s del widget de encabezado"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3388"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3388"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3388\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3388"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}