{"id":4275,"date":"2024-07-12T00:45:08","date_gmt":"2024-07-12T00:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/"},"modified":"2024-07-12T00:45:08","modified_gmt":"2024-07-12T00:45:08","slug":"vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36"},"content":{"rendered":"
Se ha descubierto una vulnerabilidad de Cross-Site Scripting en el plugin Premium Addons for Elementor para WordPress que afecta a todas las versiones hasta la 4.10.36. Esta vulnerabilidad permite a atacantes autenticados, con acceso de contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida.<\/div>\n

<\/p>\n

La vulnerabilidad de Cross-Site Scripting (XSS) se produce en el widget de texto animado del plugin debido a la falta de sanitizaci\u00f3n de la entrada del usuario y escape de salida. Esto significa que los atacantes pueden insertar c\u00f3digo malicioso que se ejecutar\u00e1 en el navegador del usuario que visite la p\u00e1gina comprometida. Para mitigar este riesgo, se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n del plugin y revisar las configuraciones de seguridad de WordPress para limitar el acceso de los usuarios hasta que se haya corregido la vulnerabilidad.<\/div>\n
Es fundamental mantener actualizados todos los plugins y temas de WordPress para protegerse contra posibles vulnerabilidades de seguridad. En este caso, actualizar a la \u00faltima versi\u00f3n de Premium Addons for Elementor ayudar\u00e1 a evitar posibles ataques de Cross-Site Scripting.<\/div>\n","protected":false},"excerpt":{"rendered":"

Se ha descubierto una vulnerabilidad de Cross-Site Scripting en el plugin Premium Addons for Elementor para WordPress que afecta a todas las versiones hasta la 4.10.36. Esta vulnerabilidad permite a atacantes autenticados, con acceso de contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida. […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1983],"class_list":["post-4275","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6495"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"Se ha descubierto una vulnerabilidad de Cross-Site Scripting en el plugin Premium Addons for Elementor para WordPress que afecta a todas las versiones hasta la 4.10.36. Esta vulnerabilidad permite a atacantes autenticados, con acceso de contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida. […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-12T00:45:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-07-12T00:45:08+00:00\",\"dateModified\":\"2024-07-12T00:45:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36 - SeguridadWordPress.es","og_description":"Se ha descubierto una vulnerabilidad de Cross-Site Scripting en el plugin Premium Addons for Elementor para WordPress que afecta a todas las versiones hasta la 4.10.36. Esta vulnerabilidad permite a atacantes autenticados, con acceso de contribuidor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina comprometida. […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-07-12T00:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/","name":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-07-12T00:45:08+00:00","dateModified":"2024-07-12T00:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-premium-addons-for-elementor-4-10-36\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en Premium Addons for Elementor <= 4.10.36"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4275"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4275"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4275\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4275"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}