{"id":3475,"date":"2024-04-09T15:45:55","date_gmt":"2024-04-09T15:45:55","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/"},"modified":"2024-04-09T15:45:55","modified_gmt":"2024-04-09T15:45:55","slug":"vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27"},"content":{"rendered":"<div>La vulnerabilidad CVE-2024-2665 afecta al plugin Premium Addons for Elementor para WordPress, permitiendo a atacantes autenticados inyectar scripts maliciosos en p\u00e1ginas web.<\/div>\n<p><\/p>\n<div>El plugin Premium Addons for Elementor hasta la versi\u00f3n 4.10.27 es vulnerable a Cross-Site Scripting almacenado debido a una insuficiente sanitizaci\u00f3n de la entrada y escape de la salida en atributos suministrados por el usuario. Esto posibilita que atacantes autenticados, con acceso de contribuidor en adelante, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a la p\u00e1gina inyectada.<\/div>\n<div>Los usuarios afectados por esta vulnerabilidad deben actualizar el plugin Premium Addons for Elementor a la versi\u00f3n m\u00e1s reciente, as\u00ed como revisar y sanear cualquier entrada de usuario en sus p\u00e1ginas para prevenir futuros ataques de Cross-Site Scripting.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>La vulnerabilidad CVE-2024-2665 afecta al plugin Premium Addons for Elementor para WordPress, permitiendo a atacantes autenticados inyectar scripts maliciosos en p\u00e1ginas web. El plugin Premium Addons for Elementor hasta la versi\u00f3n 4.10.27 es vulnerable a Cross-Site Scripting almacenado debido a una insuficiente sanitizaci\u00f3n de la entrada y escape de la salida en atributos suministrados por [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1185],"class_list":["post-3475","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2665"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-2665 afecta al plugin Premium Addons for Elementor para WordPress, permitiendo a atacantes autenticados inyectar scripts maliciosos en p\u00e1ginas web. El plugin Premium Addons for Elementor hasta la versi\u00f3n 4.10.27 es vulnerable a Cross-Site Scripting almacenado debido a una insuficiente sanitizaci\u00f3n de la entrada y escape de la salida en atributos suministrados por [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-09T15:45:55+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-09T15:45:55+00:00\",\"dateModified\":\"2024-04-09T15:45:55+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27 - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-2665 afecta al plugin Premium Addons for Elementor para WordPress, permitiendo a atacantes autenticados inyectar scripts maliciosos en p\u00e1ginas web. El plugin Premium Addons for Elementor hasta la versi\u00f3n 4.10.27 es vulnerable a Cross-Site Scripting almacenado debido a una insuficiente sanitizaci\u00f3n de la entrada y escape de la salida en atributos suministrados por [&hellip;]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-09T15:45:55+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/","name":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-09T15:45:55+00:00","dateModified":"2024-04-09T15:45:55+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-27\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor &lt;= 4.10.27"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3475"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3475"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3475\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3475"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}