{"id":3586,"date":"2024-04-22T17:45:12","date_gmt":"2024-04-22T17:45:12","guid":{"rendered":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/"},"modified":"2024-04-22T17:45:12","modified_gmt":"2024-04-22T17:45:12","slug":"colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/","title":{"rendered":"Colibri Page Builder <= 1.0.272 – Authenticated (Contributor +) Stored Cross-Site Scripting via the 'colibri-gallery-slideshow' shortcode"},"content":{"rendered":"
The Stored Cross-Site Scripting vulnerability in the Colibri Page Builder plugin for WordPress allows authenticated attackers to inject arbitrary web scripts into the site's pages, which can compromise the security of its users.<\/div>\n

<\/p>\n

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘colibri-gallery-slideshow’ shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access or above, to inject arbitrary web scripts into pages, which will execute whenever a user accesses a compromised page.<\/div>\n
To mitigate this vulnerability, users are advised to update to the latest version of the Colibri Page Builder plugin as soon as it is available. In addition, site administrators are advised to restrict user access levels to the functions that are strictly necessary, to reduce the risk of vulnerabilities being exploited.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Stored Cross-Site Scripting vulnerability in the Colibri Page Builder plugin for WordPress allows authenticated attackers to inject arbitrary web scripts into the site's pages, which can compromise the security of its users. The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘colibri-gallery-slideshow’ shortcode in […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1296],"class_list":["post-3586","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3340"],"yoast_head":"\nColibri Page Builder <= 1.0.272 - Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow' - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Colibri Page Builder <= 1.0.272 - Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow' - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad de Cross-Site Scripting almacenado en el plugin Colibri Page Builder para WordPress permite a atacantes autenticados inyectar scripts web arbitrarios en las p\u00e1ginas del sitio, lo que puede comprometer la seguridad de los usuarios. 
El plugin Colibri Page Builder para WordPress es vulnerable al Cross-Site Scripting almacenado a trav\u00e9s del shortcode ‘colibri-gallery-slideshow’ en […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-22T17:45:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/\",\"url\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/\",\"name\":\"Colibri Page Builder <= 1.0.272 - Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow' - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-22T17:45:12+00:00\",\"dateModified\":\"2024-04-22T17:45:12+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Colibri Page Builder <= 1.0.272 – Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow'\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Colibri Page Builder <= 1.0.272 - Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow' - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/","og_locale":"en_US","og_type":"article","og_title":"Colibri Page Builder <= 1.0.272 - Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow' - SeguridadWordPress.es","og_description":"La vulnerabilidad de Cross-Site Scripting almacenado en el plugin Colibri Page Builder para WordPress permite a atacantes autenticados inyectar scripts web arbitrarios en las p\u00e1ginas del sitio, lo que puede comprometer la seguridad de los usuarios. El plugin Colibri Page Builder para WordPress es vulnerable al Cross-Site Scripting almacenado a trav\u00e9s del shortcode ‘colibri-gallery-slideshow’ en […]","og_url":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-22T17:45:12+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/","url":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/","name":"Colibri Page Builder <= 1.0.272 - Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow' - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-22T17:45:12+00:00","dateModified":"2024-04-22T17:45:12+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-272-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-shortcode-colibri-gallery-slideshow\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Colibri Page Builder <= 1.0.272 – Cross-Site Scripting almacenado autenticado (Contribuidor +) a trav\u00e9s del shortcode 'colibri-gallery-slideshow'"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades 
WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3586"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3586"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3586\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3586"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}