{"id":4018,"date":"2024-06-12T05:45:10","date_gmt":"2024-06-12T05:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/"},"modified":"2024-06-12T05:45:10","modified_gmt":"2024-06-12T05:45:10","slug":"divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/","title":{"rendered":"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 – Authenticated (Author+) Cross-Site Scripting via SVG Upload"},"content":{"rendered":"
The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

The lack of input sanitization and output escaping in the Divi Torque Lite plugin can result in malicious scripts running on the site's pages. Users affected by this vulnerability can mitigate the risk by following these steps: 1. Update the plugin to the latest available version. 2. Limit user permissions, avoiding granting Author-level access or higher to untrusted users. 3. Actively review user-submitted input to detect any malicious scripts that may have been inserted.<\/div>\n
It is essential to take proactive measures to protect your site against possible Cross-Site Scripting attacks. By keeping the Divi Torque Lite plugin up to date and limiting user access, you can reduce the risk of a security compromise. Always remember to follow security best practices to ensure the integrity of your WordPress site.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1728],"class_list":["post-4018","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5892"],"yoast_head":"\nDivi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Cross-Site Scripting mediante carga de SVG autenticada (Autor+) - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Cross-Site Scripting mediante carga de SVG autenticada (Autor+) - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Divi Torque Lite \u2013 Divi Theme and Extra Theme para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la funci\u00f3n ‘support_unfiltered_files_upload’ en todas las versiones hasta, e incluyendo, la 3.6.6 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de salida. 
Esto permite a atacantes autenticados, con acceso de nivel […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-12T05:45:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/\",\"url\":\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/\",\"name\":\"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Cross-Site Scripting mediante carga de SVG autenticada (Autor+) - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-12T05:45:10+00:00\",\"dateModified\":\"2024-06-12T05:45:10+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 – Cross-Site Scripting mediante carga de SVG autenticada (Autor+)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Cross-Site Scripting mediante carga de SVG autenticada (Autor+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/","og_locale":"en_US","og_type":"article","og_title":"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Cross-Site Scripting mediante carga de SVG autenticada (Autor+) - SeguridadWordPress.es","og_description":"El plugin Divi Torque Lite \u2013 Divi Theme and Extra Theme para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la funci\u00f3n ‘support_unfiltered_files_upload’ en todas las versiones hasta, e incluyendo, la 3.6.6 debido a una sanitizaci\u00f3n insuficiente de la entrada y escape de salida. Esto permite a atacantes autenticados, con acceso de nivel […]","og_url":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-12T05:45:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/","url":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/","name":"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Cross-Site Scripting mediante carga de SVG autenticada (Autor+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-12T05:45:10+00:00","dateModified":"2024-06-12T05:45:10+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/divi-torque-lite-divi-theme-and-extra-theme-3-6-6-cross-site-scripting-mediante-carga-de-svg-autenticada-autor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 – Cross-Site Scripting mediante carga de SVG autenticada (Autor+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4018"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4018"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4018\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4018"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}