{"id":4190,"date":"2024-07-01T22:45:12","date_gmt":"2024-07-01T22:45:12","guid":{"rendered":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/"},"modified":"2024-07-01T22:45:12","modified_gmt":"2024-07-01T22:45:12","slug":"ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/","title":{"rendered":"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Several Blocks"},"content":{"rendered":"
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

This stored Cross-Site Scripting vulnerability could allow an attacker to load malicious JavaScript code into a WordPress web page, which would then execute in the browser of any user who visits the compromised page. To mitigate this risk, users are advised to update the Ultimate Blocks plugin to the latest available version, in this case 3.2.0, which fixes this vulnerability. In addition, care is recommended when granting contributor and administrator permissions to untrusted users, to reduce the risk of exploitation.<\/div>\n
It is crucial that users of Ultimate Blocks – WordPress Blocks Plugin update to the latest available version as soon as possible to protect themselves against any exploitation of this stored Cross-Site Scripting vulnerability. Taking proactive steps to keep plugins up to date and to properly restrict user permissions can significantly reduce the risk of a security compromise on a WordPress site.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers, with access […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1898],"class_list":["post-4190","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4268"],"yoast_head":"\nUltimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Ultimate Blocks – WordPress Blocks Plugin para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los bloques del plugin en todas las versiones hasta, e incluyendo, 3.1.9 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida en atributos suministrados por el usuario. 
Esto permite que atacantes autenticados, con acceso […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-01T22:45:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/\",\"url\":\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/\",\"name\":\"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-01T22:45:12+00:00\",\"dateModified\":\"2024-07-01T22:45:12+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 – Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/","og_locale":"en_US","og_type":"article","og_title":"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques - SeguridadWordPress.es","og_description":"El plugin Ultimate Blocks – WordPress Blocks Plugin para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los bloques del plugin en todas las versiones hasta, e incluyendo, 3.1.9 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida en atributos suministrados por el usuario. Esto permite que atacantes autenticados, con acceso […]","og_url":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-01T22:45:12+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/","url":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/","name":"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-01T22:45:12+00:00","dateModified":"2024-07-01T22:45:12+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/ultimate-blocks-wordpress-blocks-plugin-3-1-9-cross-site-scripting-almacenado-autenticado-contributor-a-traves-de-varios-bloques\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 – Cross-Site Scripting almacenado autenticado (Contributor+) a trav\u00e9s de varios bloques"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4190"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4190"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4190\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4190"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}