{"id":3836,"date":"2024-05-29T15:45:24","date_gmt":"2024-05-29T15:45:24","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/"},"modified":"2024-05-29T15:45:24","modified_gmt":"2024-05-29T15:45:24","slug":"vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/","title":{"rendered":"Cross-Site Scripting Vulnerability in Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 – Authenticated (Contributor+)"},"content":{"rendered":"
CVE-2024-3190 allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages of the Unlimited Elements For Elementor plugin in versions up to 1.5.107.<\/div>\n

<\/p>\n

The Unlimited Elements For Elementor (Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to 1.5.107, due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page. Please note that this vulnerability is different in that the issue stems from an external template. It appears that older versions may also be patched because of this; however, we are choosing version 1.5.108 as the patched version since it is the most recent version that contains the patch.<\/div>\n
To mitigate this vulnerability, users are advised to update to version 1.5.108 of the Unlimited Elements For Elementor plugin. In addition, avoid inserting unknown web scripts into the plugin's pages, and review and validate any user input before accepting it for processing.<\/div>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-3190 allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages of the Unlimited Elements For Elementor plugin in versions up to 1.5.107. The Unlimited Elements For Elementor (Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1546],"class_list":["post-3836","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-3190"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-3190 permite a atacantes autenticados con nivel de acceso de colaborador o superior inyectar scripts web arbitrarios en las p\u00e1ginas del plugin Unlimited Elements For Elementor en versiones hasta la 1.5.107. 
El plugin Unlimited Elements For Elementor (Widgets, Addons, Templates) para WordPress es vulnerable a ataques de Cross-Site Scripting almacenado a trav\u00e9s del […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-29T15:45:24+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-29T15:45:24+00:00\",\"dateModified\":\"2024-05-29T15:45:24+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 – Authenticated (Contributor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-3190 permite a atacantes autenticados con nivel de acceso de colaborador o superior inyectar scripts web arbitrarios en las p\u00e1ginas del plugin Unlimited Elements For Elementor en versiones hasta la 1.5.107. El plugin Unlimited Elements For Elementor (Widgets, Addons, Templates) para WordPress es vulnerable a ataques de Cross-Site Scripting almacenado a trav\u00e9s del […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-29T15:45:24+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/","name":"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-29T15:45:24+00:00","dateModified":"2024-05-29T15:45:24+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-unlimited-elements-for-elementor-widgets-addons-templates-1-5-107-authenticated-contributor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en Unlimited Elements For Elementor (Widgets, Addons, Templates) <= 1.5.107 – Authenticated (Contributor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades 
WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3836"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3836"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3836\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3836"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}