{"id":3628,"date":"2024-04-25T20:45:12","date_gmt":"2024-04-25T20:45:12","guid":{"rendered":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/"},"modified":"2024-04-25T20:45:12","modified_gmt":"2024-04-25T20:45:12","slug":"the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/","title":{"rendered":"The Plus Addons for Elementor <= 5.4.2 – Authenticated Stored Cross-Site Scripting (XSS) via Custom Attributes"},"content":{"rendered":"
The CVE-2024-3197 vulnerability in the plugin The Plus Addons for Elementor allows authenticated attackers to carry out stored Cross-Site Scripting (XSS) attacks through custom attributes in the plugin's widgets, which can compromise the security of your WordPress site.<\/div>\n

<\/p>\n

The Plus Addons for Elementor plugin, in versions up to 5.4.2, is vulnerable to stored Cross-Site Scripting (XSS) through custom attributes in the plugin's widgets due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute whenever a user accesses the injected page.<\/div>\n
To protect your site from this type of attack, it is important to keep The Plus Addons for Elementor plugin updated to the latest available version, and to carefully review the custom attributes used in the plugin's widgets to prevent possible malicious script injections.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-3197 vulnerability in the plugin The Plus Addons for Elementor allows authenticated attackers to carry out stored Cross-Site Scripting (XSS) attacks through custom attributes in the plugin's widgets, which can compromise the security of your WordPress site. The Plus Addons for Elementor plugin, in versions up to 5.4.2, is […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1338],"class_list":["post-3628","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3197"],"yoast_head":"\nThe Plus Addons for Elementor <= 5.4.2 - Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Plus Addons for Elementor <= 5.4.2 - Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-3197 en el plugin The Plus Addons for Elementor permite a atacantes autenticados realizar ataques de Cross-Site Scripting (XSS) almacenado a trav\u00e9s de atributos personalizados en los widgets del plugin, lo que puede comprometer la seguridad de tu sitio WordPress. 
El plugin The Plus Addons for Elementor en versiones hasta la 5.4.2 es […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-25T20:45:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/\",\"url\":\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/\",\"name\":\"The Plus Addons for Elementor <= 5.4.2 - Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-04-25T20:45:12+00:00\",\"dateModified\":\"2024-04-25T20:45:12+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Plus Addons for Elementor <= 5.4.2 – Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"The Plus Addons for Elementor <= 5.4.2 - Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/","og_locale":"en_US","og_type":"article","og_title":"The Plus Addons for Elementor <= 5.4.2 - Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-3197 en el plugin The Plus Addons for Elementor permite a atacantes autenticados realizar ataques de Cross-Site Scripting (XSS) almacenado a trav\u00e9s de atributos personalizados en los widgets del plugin, lo que puede comprometer la seguridad de tu sitio WordPress. El plugin The Plus Addons for Elementor en versiones hasta la 5.4.2 es […]","og_url":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-25T20:45:12+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/","url":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/","name":"The Plus Addons for Elementor <= 5.4.2 - Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-25T20:45:12+00:00","dateModified":"2024-04-25T20:45:12+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/the-plus-addons-for-elementor-5-4-2-cross-site-scripting-xss-almacenado-autenticado-a-traves-de-atributos-personalizados\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"The Plus Addons for Elementor <= 5.4.2 – Cross-Site Scripting (XSS) Almacenado Autenticado a trav\u00e9s de Atributos Personalizados"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3628"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3628"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3628\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3628"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}