{"id":4199,"date":"2024-07-02T19:45:18","date_gmt":"2024-07-02T19:45:18","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/"},"modified":"2024-07-02T19:45:18","modified_gmt":"2024-07-02T19:45:18","slug":"vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor"},"content":{"rendered":"<div>Se ha descubierto una vulnerabilidad de Cross-Site Scripting almacenado en el plugin The Plus Addons for Elementor que podr\u00eda ser explotada por atacantes autenticados para ejecutar scripts maliciosos en las p\u00e1ginas de un sitio web WordPress.<\/div>\n<p><\/p>\n<div>La vulnerabilidad CVE-2024-4482 afecta a las versiones del plugin The Plus Addons for Elementor hasta la versi\u00f3n 5.6.1. Esta vulnerabilidad se debe a una sanitizaci\u00f3n insuficiente de la entrada y a la escapada de la salida en el atributo &#8216;text_days&#8217; suministrado por el usuario en el widget &#8216;Countdown&#8217;. Esto permite a los atacantes autenticados, con acceso de nivel contribuidor o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a la p\u00e1gina inyectada.<\/div>\n<div>Para mitigar esta vulnerabilidad, se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n del plugin The Plus Addons for Elementor y estar atentos a futuras actualizaciones de seguridad. Adem\u00e1s, se aconseja a los administradores de sitios web validar y filtrar adecuadamente cualquier entrada de usuario para evitar la ejecuci\u00f3n de scripts maliciosos.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Se ha descubierto una vulnerabilidad de Cross-Site Scripting almacenado en el plugin The Plus Addons for Elementor que podr\u00eda ser explotada por atacantes autenticados para ejecutar scripts maliciosos en las p\u00e1ginas de un sitio web WordPress. La vulnerabilidad CVE-2024-4482 afecta a las versiones del plugin The Plus Addons for Elementor hasta la versi\u00f3n 5.6.1. Esta [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1907],"class_list":["post-4199","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-4482"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"Se ha descubierto una vulnerabilidad de Cross-Site Scripting almacenado en el plugin The Plus Addons for Elementor que podr\u00eda ser explotada por atacantes autenticados para ejecutar scripts maliciosos en las p\u00e1ginas de un sitio web WordPress. La vulnerabilidad CVE-2024-4482 afecta a las versiones del plugin The Plus Addons for Elementor hasta la versi\u00f3n 5.6.1. Esta [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-02T19:45:18+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-02T19:45:18+00:00\",\"dateModified\":\"2024-07-02T19:45:18+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor - SeguridadWordPress.es","og_description":"Se ha descubierto una vulnerabilidad de Cross-Site Scripting almacenado en el plugin The Plus Addons for Elementor que podr\u00eda ser explotada por atacantes autenticados para ejecutar scripts maliciosos en las p\u00e1ginas de un sitio web WordPress. La vulnerabilidad CVE-2024-4482 afecta a las versiones del plugin The Plus Addons for Elementor hasta la versi\u00f3n 5.6.1. Esta [&hellip;]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-02T19:45:18+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/","name":"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-02T19:45:18+00:00","dateModified":"2024-07-02T19:45:18+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-almacenado-en-the-plus-addons-for-elementor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting almacenado en The Plus Addons for Elementor"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4199"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4199"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4199\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4199"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}