{"id":3708,"date":"2024-05-01T18:45:21","date_gmt":"2024-05-01T18:45:21","guid":{"rendered":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/"},"modified":"2024-05-01T18:45:21","modified_gmt":"2024-05-01T18:45:21","slug":"supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/","title":{"rendered":"Supreme Modules Lite – Cross-Site Scripting Vulnerability in Divi Theme, Extra Theme and Divi Builder <= 2.5.3 – Authenticated (Contributor+)"},"content":{"rendered":"
The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the ‘typing_cursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

Users affected by this vulnerability should update to the latest version of the plugin as soon as possible. In addition, site administrators are advised to restrict the permissions of authenticated users to reduce the risk of exploitation. Another preventive measure is to deploy a web application firewall (WAF) to detect and block possible XSS attacks in real time.<\/div>\n
This vulnerability in Supreme Modules Lite once again highlights the importance of keeping all WordPress plugins and themes up to date. By taking proactive measures to protect their websites, users can significantly reduce the risk of being compromised by Cross-Site Scripting attacks.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the ‘typing_cursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with permissions […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1418],"class_list":["post-3708","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4334"],"yoast_head":"\nSupreme Modules Lite - Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 - Autenticado (Contributor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supreme Modules Lite - Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 - Autenticado (Contributor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Supreme Modules Lite – Divi Theme, Extra Theme y Divi Builder para WordPress es vulnerable a Cross-Site Scripting basado en DOM a trav\u00e9s del par\u00e1metro ‘typing_cursor’ en versiones hasta, e incluyendo, la 2.5.3 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida. 
Esto permite a atacantes autenticados, con permisos […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-01T18:45:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/\",\"url\":\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/\",\"name\":\"Supreme Modules Lite - Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 - Autenticado (Contributor+) - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-01T18:45:21+00:00\",\"dateModified\":\"2024-05-01T18:45:21+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Supreme Modules Lite – Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 – Autenticado (Contributor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Supreme Modules Lite - Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 - Autenticado (Contributor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/","og_locale":"en_US","og_type":"article","og_title":"Supreme Modules Lite - Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 - Autenticado (Contributor+) - SeguridadWordPress.es","og_description":"El plugin Supreme Modules Lite – Divi Theme, Extra Theme y Divi Builder para WordPress es vulnerable a Cross-Site Scripting basado en DOM a trav\u00e9s del par\u00e1metro ‘typing_cursor’ en versiones hasta, e incluyendo, la 2.5.3 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de la salida. Esto permite a atacantes autenticados, con permisos […]","og_url":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-01T18:45:21+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/","url":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/","name":"Supreme Modules Lite - Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 - Autenticado (Contributor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-01T18:45:21+00:00","dateModified":"2024-05-01T18:45:21+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/supreme-modules-lite-vulnerabilidad-de-cross-site-scripting-en-divi-theme-extra-theme-y-divi-builder-2-5-3-autenticado-contributor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Supreme Modules Lite – Vulnerabilidad de Cross-Site Scripting en Divi Theme, Extra Theme y Divi Builder <= 2.5.3 – Autenticado (Contributor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3708"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3708"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3708\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3708"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}