{"id":3750,"date":"2024-05-20T22:45:21","date_gmt":"2024-05-20T22:45:21","guid":{"rendered":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/"},"modified":"2024-05-20T22:45:21","modified_gmt":"2024-05-20T22:45:21","slug":"elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/","title":{"rendered":"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 – Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+)"},"content":{"rendered":"
La vulnerabilidad de Cross-Site Scripting Almacenado DOM-Based afecta al plugin Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas para WordPress en versiones hasta, e incluyendo, 3.21.4. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas, lo que permite a atacantes autenticados, con permisos de nivel contribuidor y superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina infectada.<\/div>\n

<\/p>\n

Los usuarios afectados por esta vulnerabilidad deben actualizar a la versi\u00f3n m\u00e1s reciente del plugin Elementor Website Builder tan pronto como sea posible. Adem\u00e1s, se recomienda a los usuarios restringir los permisos de usuario en sus sitios web para limitar el acceso de posibles atacantes. Tambi\u00e9n es aconsejable realizar auditor\u00edas de seguridad peri\u00f3dicas en los sitios web para detectar posibles vulnerabilidades de forma proactiva.<\/div>\n
Como medida preventiva, es importante que los usuarios de WordPress est\u00e9n al tanto de las actualizaciones de seguridad de los plugins que utilizan y tomen medidas para proteger sus sitios web contra posibles ataques de Cross-Site Scripting y otras vulnerabilidades conocidas.<\/div>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad de Cross-Site Scripting Almacenado DOM-Based afecta al plugin Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas para WordPress en versiones hasta, e incluyendo, 3.21.4. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas, lo que permite a atacantes autenticados, con permisos de nivel contribuidor y superior, […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1460],"class_list":["post-3750","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4619"],"yoast_head":"\nElementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 - Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 - Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad de Cross-Site Scripting Almacenado DOM-Based afecta al plugin Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas para WordPress en versiones hasta, e incluyendo, 3.21.4. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas, lo que permite a atacantes autenticados, con permisos de nivel contribuidor y superior, […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-20T22:45:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/\",\"url\":\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/\",\"name\":\"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 - Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+) - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-20T22:45:21+00:00\",\"dateModified\":\"2024-05-20T22:45:21+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 – Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 - Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/","og_locale":"en_US","og_type":"article","og_title":"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 - Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+) - SeguridadWordPress.es","og_description":"La vulnerabilidad de Cross-Site Scripting Almacenado DOM-Based afecta al plugin Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas para WordPress en versiones hasta, e incluyendo, 3.21.4. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salidas, lo que permite a atacantes autenticados, con permisos de nivel contribuidor y superior, […]","og_url":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-20T22:45:21+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/","url":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/","name":"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 - Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-20T22:45:21+00:00","dateModified":"2024-05-20T22:45:21+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/elementor-website-builder-mas-que-un-constructor-de-paginas-3-21-4-cross-site-scripting-almacenado-dom-based-autenticado-contribuidor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Elementor Website Builder \u2013 M\u00e1s que un Constructor de P\u00e1ginas <= 3.21.4 – Cross-Site Scripting Almacenado DOM-Based Autenticado (Contribuidor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3750"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3750"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3750\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3750"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3750"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3750"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}