{"id":3603,"date":"2024-04-23T15:45:10","date_gmt":"2024-04-23T15:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/"},"modified":"2024-04-23T15:45:10","modified_gmt":"2024-04-23T15:45:10","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28"},"content":{"rendered":"
La vulnerabilidad CVE-2024-3885 en el plugin Premium Addons for Elementor para WordPress permite a atacantes autenticados realizar ataques de Cross-Site Scripting almacenado.<\/div>\n

<\/p>\n

El plugin Premium Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro de valor de subcontenedor en todas las versiones hasta, e incluyendo, 4.10.28 debido a una sanitizaci\u00f3n insuficiente de la entrada y la falta de escape de la salida. Esto permite a atacantes autenticados, con acceso de contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada.<\/div>\n
Se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n del plugin Premium Addons for Elementor tan pronto como sea posible para mitigar el riesgo de explotaci\u00f3n de esta vulnerabilidad. Adem\u00e1s, es importante tener cuidado al otorgar permisos de contribuidor o superiores en WordPress para evitar posibles ataques de usuarios malintencionados.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad CVE-2024-3885 en el plugin Premium Addons for Elementor para WordPress permite a atacantes autenticados realizar ataques de Cross-Site Scripting almacenado. El plugin Premium Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro de valor de subcontenedor en todas las versiones hasta, e incluyendo, 4.10.28 debido a una […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1313],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-3885 en el plugin Premium Addons for Elementor para WordPress permite a atacantes autenticados realizar ataques de Cross-Site Scripting almacenado. El plugin Premium Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro de valor de subcontenedor en todas las versiones hasta, e incluyendo, 4.10.28 debido a una […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-23T15:45:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-23T15:45:10+00:00\",\"dateModified\":\"2024-04-23T15:45:10+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28 - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-3885 en el plugin Premium Addons for Elementor para WordPress permite a atacantes autenticados realizar ataques de Cross-Site Scripting almacenado. El plugin Premium Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro de valor de subcontenedor en todas las versiones hasta, e incluyendo, 4.10.28 debido a una […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-23T15:45:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-23T15:45:10+00:00","dateModified":"2024-04-23T15:45:10+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-premium-addons-for-elementor-4-10-28\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en Premium Addons for Elementor <= 4.10.28"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3603"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3603"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3603\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3603"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}