{"id":3409,"date":"2024-04-01T20:45:14","date_gmt":"2024-04-01T20:45:14","guid":{"rendered":"http:\/\/127.0.0.1\/genesis-blocks-3-1-2-cross-site-scripting-almacenado-autenticado-contributor-a-traves-del-contenido-del-bloque\/"},"modified":"2024-04-01T20:45:14","modified_gmt":"2024-04-01T20:45:14","slug":"genesis-blocks-3-1-2-cross-site-scripting-almacenado-autenticado-contributor-a-traves-del-contenido-del-bloque","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/genesis-blocks-3-1-2-cross-site-scripting-almacenado-autenticado-contributor-a-traves-del-contenido-del-bloque\/","title":{"rendered":"Genesis Blocks <= 3.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content"},"content":{"rendered":"
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

Genesis Blocks users are advised to update to version 3.1.3 or later to mitigate this security issue. In addition, site administrators are advised to review and clean block content to remove any malicious scripts that may have been injected. It is also important to follow good security practices, such as not blindly trusting content generated by untrusted users and regularly keeping WordPress plugins and themes updated to avoid known vulnerabilities.<\/div>\n
It is crucial to take proactive measures to protect against Cross-Site Scripting attacks and ensure the security of your WordPress website.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1119],"class_list":["post-3409","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1946"],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3409"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3409"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3409\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3409"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}