{"id":4319,"date":"2024-07-17T20:45:23","date_gmt":"2024-07-17T20:45:23","guid":{"rendered":"http:\/\/127.0.0.1\/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5-6-11-cross-site-scripting-xss-almacenado-autenticado-contribuidor\/"},"modified":"2024-07-17T20:45:23","modified_gmt":"2024-07-17T20:45:23","slug":"element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5-6-11-cross-site-scripting-xss-almacenado-autenticado-contribuidor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5-6-11-cross-site-scripting-xss-almacenado-autenticado-contribuidor\/","title":{"rendered":"Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 – Authenticated (Contributor+) Stored Cross-Site Scripting (XSS)"},"content":{"rendered":"
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page.<\/div>\n

<\/p>\n

To remediate this issue, users should update the Element Pack Elementor Addons plugin to version 5.6.12 or later, which includes security fixes that mitigate this vulnerability. In addition, site administrators are advised to strictly limit user role permissions, avoiding granting Contributor-level access or higher to untrusted users, to reduce the risk of exploitation of stored XSS vulnerabilities.<\/div>\n
Keeping all WordPress plugins and themes up to date is essential to protect your website against potential security vulnerabilities. It is also important to follow security best practices, such as limiting user permissions and making regular backups, to keep your website secure and protected against online threats.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This allows authenticated attackers, […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2027],"class_list":["post-4319","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5554"],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4319"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4319"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4319\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4319"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}