{"id":3969,"date":"2024-06-06T18:45:09","date_gmt":"2024-06-06T18:45:09","guid":{"rendered":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/"},"modified":"2024-06-06T18:45:09","modified_gmt":"2024-06-06T18:45:09","slug":"colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/","title":{"rendered":"Colibri Page Builder <= 1.0.276 – Authenticated (Contributor+) Stored Cross-Site Scripting via the colibri_video_player shortcode"},"content":{"rendered":"
The CVE-2024-4451 vulnerability found in the Colibri Page Builder plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses a compromised page.<\/div>\n

<\/p>\n

Versions 1.0.276 and earlier of the Colibri Page Builder plugin are susceptible to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. This lets an authenticated attacker compromise the site's security by injecting malicious scripts using the colibri_video_player shortcode.<\/div>\n
Users of Colibri Page Builder are advised to update the plugin to the latest available version and to keep up to date with WordPress security updates to avoid falling victim to this type of vulnerability.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-4451 vulnerability found in the Colibri Page Builder plugin for WordPress allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses a compromised page. Versions 1.0.276 and earlier of the Colibri Page Builder plugin are susceptible to […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1679],"class_list":["post-3969","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4451"],"yoast_head":"\nColibri Page Builder <= 1.0.276 - Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Colibri Page Builder <= 1.0.276 - Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad CVE-2024-4451 encontrada en el plugin Colibri Page Builder para WordPress permite a atacantes autenticados con acceso de nivel contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina comprometida. 
La versi\u00f3n 1.0.276 y anteriores del plugin Colibri Page Builder son susceptibles a […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-06T18:45:09+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/\",\"url\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/\",\"name\":\"Colibri Page Builder <= 1.0.276 - Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-06T18:45:09+00:00\",\"dateModified\":\"2024-06-06T18:45:09+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Colibri Page Builder <= 1.0.276 – Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Colibri Page Builder <= 1.0.276 - Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/","og_locale":"en_US","og_type":"article","og_title":"Colibri Page Builder <= 1.0.276 - Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player - SeguridadWordPress.es","og_description":"La vulnerabilidad CVE-2024-4451 encontrada en el plugin Colibri Page Builder para WordPress permite a atacantes autenticados con acceso de nivel contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina comprometida. La versi\u00f3n 1.0.276 y anteriores del plugin Colibri Page Builder son susceptibles a […]","og_url":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-06T18:45:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/","url":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/","name":"Colibri Page Builder <= 1.0.276 - Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-06T18:45:09+00:00","dateModified":"2024-06-06T18:45:09+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-276-cross-site-scripting-almacenada-autenticada-contributor-a-traves-del-shortcode-colibri_video_player\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Colibri Page Builder <= 1.0.276 – Cross-Site Scripting almacenada autenticada (Contributor+) a trav\u00e9s del shortcode colibri_video_player"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3969"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3969"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3969\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3969"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}