{"id":5170,"date":"2024-10-29T23:45:06","date_gmt":"2024-10-29T23:45:06","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/"},"modified":"2024-10-29T23:45:06","modified_gmt":"2024-10-29T23:45:06","slug":"vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/","title":{"rendered":"Cross-Site Scripting Vulnerability in the Black Widgets For Elementor Plugin <= 1.3.7"},"content":{"rendered":"
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.<\/div>\n

<\/p>\n

The CVE-2024-9388 vulnerability in the Black Widgets For Elementor plugin <= 1.3.7 allows authenticated attackers to carry out Stored Cross-Site Scripting attacks via SVG file uploads. As a temporary workaround, users are advised to temporarily disable SVG file uploads in the plugin and update to the latest available version that fixes this vulnerability.<\/div>\n
It is crucial that WordPress users keep up to date with the latest versions of their plugins to mitigate potential security vulnerabilities like this one. In addition, it is important to follow security best practices, such as limiting user privileges and performing regular security audits.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2858],"class_list":["post-5170","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-9388"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7 - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7 - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin Black Widgets For Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la carga de archivos SVG en todas las versiones hasta, e incluyendo, la 1.3.7 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida. 
Esto permite a atacantes autenticados, con acceso de nivel Autor y superior, inyectar […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-29T23:45:06+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7 - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-10-29T23:45:06+00:00\",\"dateModified\":\"2024-10-29T23:45:06+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en el plugin 
Black Widgets For Elementor <= 1.3.7\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7 - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7 - SeguridadWordPress.es","og_description":"El plugin Black Widgets For Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la carga de archivos SVG en todas las versiones hasta, e incluyendo, la 1.3.7 debido a una insuficiente sanitizaci\u00f3n de entradas y escape de salida. Esto permite a atacantes autenticados, con acceso de nivel Autor y superior, inyectar […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-10-29T23:45:06+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/","name":"Vulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7 - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-10-29T23:45:06+00:00","dateModified":"2024-10-29T23:45:06+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-el-plugin-black-widgets-for-elementor-1-3-7\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en el plugin Black Widgets For Elementor <= 1.3.7"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/5170"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=5170"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/5170\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=5170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=5170"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=5170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}