{"id":3551,"date":"2024-04-16T19:45:16","date_gmt":"2024-04-16T19:45:16","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/"},"modified":"2024-04-16T19:45:16","modified_gmt":"2024-04-16T19:45:16","slug":"vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/","title":{"rendered":"Cross-Site Scripting Vulnerability in HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 via the Lightbox Widget"},"content":{"rendered":"
The CVE-2024-2084 vulnerability allows authenticated attackers with contributor permissions or higher to inject malicious scripts into web pages using the HT Mega \u2013 Absolute Addons For Elementor plugin in versions up to 2.4.6.<\/div>\n

<\/p>\n

The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor permissions or higher to inject arbitrary web scripts into pages that will execute whenever a user accesses the injected page.<\/div>\n
Users of the HT Mega \u2013 Absolute Addons For Elementor plugin are advised to update to the latest available version as soon as possible to mitigate the risk of Cross-Site Scripting attacks. In addition, it is recommended not to click on suspicious links or links from unknown sources to avoid the execution of malicious scripts on their websites.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-2084 vulnerability allows authenticated attackers with contributor permissions or higher to inject malicious scripts into web pages using the HT Mega \u2013 Absolute Addons For Elementor plugin in versions up to 2.4.6. The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to stored Cross-Site Scripting via the lightbox widget […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1261],"class_list":["post-3551","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2084"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-2084 permite a atacantes autenticados con permisos de contribuidor o superiores inyectar scripts maliciosos en p\u00e1ginas web utilizando el plugin HT Mega \u2013 Absolute Addons For Elementor en versiones hasta 2.4.6. 
El plugin HT Mega \u2013 Absolute Addons For Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del widget lightbox […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-16T19:45:16+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-16T19:45:16+00:00\",\"dateModified\":\"2024-04-16T19:45:16+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-2084 permite a atacantes autenticados con permisos de contribuidor o superiores inyectar scripts maliciosos en p\u00e1ginas web utilizando el plugin HT Mega \u2013 Absolute Addons For Elementor en versiones hasta 2.4.6. El plugin HT Mega \u2013 Absolute Addons For Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del widget lightbox […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-16T19:45:16+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/","name":"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-16T19:45:16+00:00","dateModified":"2024-04-16T19:45:16+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-ht-mega-absolute-addons-for-elementor-2-4-6-a-traves-del-widget-lightbox\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 a trav\u00e9s del Widget Lightbox"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3551"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3551"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3551\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3551"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}