{"id":3573,"date":"2024-04-19T13:45:38","date_gmt":"2024-04-19T13:45:38","guid":{"rendered":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/"},"modified":"2024-04-19T13:45:38","modified_gmt":"2024-04-19T13:45:38","slug":"happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/","title":{"rendered":"Happy Addons para Elementor <= 3.10.5 – Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline"},"content":{"rendered":"
El complemento Happy Addons para Elementor en WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los widgets Image Stack Group, Photo Stack & Horizontal Timeline en todas las versiones hasta, e incluyendo, la 3.10.4 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida en atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de nivel contribuidor y superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a la p\u00e1gina inyectada.<\/div>\n

<\/p>\n

Los usuarios que utilizan la versi\u00f3n 3.10.5 del complemento Happy Addons para Elementor deben tomar medidas inmediatas para proteger sus sitios web. Recomendamos desactivar temporalmente los widgets afectados por esta vulnerabilidad, como Image Stack Group, Photo Stack y Horizontal Timeline, hasta que se lance un parche de seguridad por parte del desarrollador. Adem\u00e1s, se recomienda a los usuarios actualizar el complemento a la versi\u00f3n m\u00e1s reciente una vez que est\u00e9 disponible.<\/div>\n
Es fundamental que los usuarios de WordPress est\u00e9n al tanto de las vulnerabilidades en complementos populares como Happy Addons para Elementor y tomen las medidas necesarias para proteger sus sitios web. Al seguir las recomendaciones mencionadas anteriormente, los usuarios pueden mitigar el riesgo de sufrir un ataque de Cross-Site Scripting almacenado y mantener la seguridad de sus sitios web.<\/div>\n","protected":false},"excerpt":{"rendered":"

El complemento Happy Addons para Elementor en WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los widgets Image Stack Group, Photo Stack & Horizontal Timeline en todas las versiones hasta, e incluyendo, la 3.10.4 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida en atributos proporcionados por el usuario. Esto permite […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1283],"class_list":["post-3573","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3724"],"yoast_head":"\nHappy Addons para Elementor <= 3.10.5 - Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Happy Addons para Elementor <= 3.10.5 - Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El complemento Happy Addons para Elementor en WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los widgets Image Stack Group, Photo Stack & Horizontal Timeline en todas las versiones hasta, e incluyendo, la 3.10.4 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida en atributos proporcionados por el usuario. Esto permite […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-19T13:45:38+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/\",\"url\":\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/\",\"name\":\"Happy Addons para Elementor <= 3.10.5 - Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-19T13:45:38+00:00\",\"dateModified\":\"2024-04-19T13:45:38+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Happy Addons para Elementor <= 3.10.5 – Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Happy Addons para Elementor <= 3.10.5 - Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/","og_locale":"en_US","og_type":"article","og_title":"Happy Addons para Elementor <= 3.10.5 - Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline - SeguridadWordPress.es","og_description":"El complemento Happy Addons para Elementor en WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los widgets Image Stack Group, Photo Stack & Horizontal Timeline en todas las versiones hasta, e incluyendo, la 3.10.4 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida en atributos proporcionados por el usuario. Esto permite […]","og_url":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-19T13:45:38+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/","url":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/","name":"Happy Addons para Elementor <= 3.10.5 - Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-19T13:45:38+00:00","dateModified":"2024-04-19T13:45:38+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-5-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-de-image-stack-group-photo-stack-horizontal-timeline\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Happy Addons para Elementor <= 3.10.5 – Cross-Site Scripting almacenado autenticado (Contribuidor+) a trav\u00e9s de Image Stack Group, Photo Stack & Horizontal Timeline"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3573"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3573"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3573\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3573"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}