{"id":5897,"date":"2021-03-18T19:22:34","date_gmt":"2021-03-18T19:22:34","guid":{"rendered":"https:\/\/musilda.cz\/?p=5897"},"modified":"2021-03-18T19:22:34","modified_gmt":"2021-03-18T19:22:34","slug":"elementor-obsahuje-xss-zranitelnost-ohrozujici-miliony-webu","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/elementor-obsahuje-xss-zranitelnost-ohrozujici-miliony-webu\/","title":{"rendered":"Elementor obsahuje XSS zranitelnost ohro\u017euj\u00edc\u00ed miliony web\u016f"},"content":{"rendered":"\n<p>T\u00fdm WordFence objevil p\u0159ed n\u011bkolika dny v\u00e1\u017enou zranitelnost v popul\u00e1rn\u00edm pluginu Elementor, kter\u00fd je v sou\u010dasn\u00e9 dob\u011b instalov\u00e1n na sedmi milionech web\u016f. <\/p>\n\n\n\n<p>Tak jak je zvykem, informoval p\u0159ed publikac\u00ed o zranitelnosti t\u00fdm v\u00fdvoj\u00e1\u0159\u016f Elementoru a ten druh\u00e9ho b\u0159ezna vydal verzi 3.1.2, jen\u017e zranitelnost opravuje. <\/p>\n\n\n\n<p>Pokud m\u00e1te na sv\u00e9m webu star\u0161\u00ed verzi, nev\u00e1hejte s aktualizac\u00ed, v\u00fdvoj\u00e1\u0159 doporu\u010duj\u00ed aktualizaci na 3.1.4, kter\u00e1 obsahuje dal\u0161\u00ed opravy t\u00e9to zranitelnosti. <\/p>\n\n\n\n<p>Elementor je jeden z page builder\u016f a obsahuje \u0159adu prvk\u016f, kter\u00e9 m\u016f\u017eete ve &#8222;vizu\u00e1ln\u00edm&#8220; m\u00f3du upravovat. <\/p>\n\n\n\n<p>Pom\u011brn\u011b hodn\u011b z t\u011bchto prvk\u016f, obsahuj\u00ed nastaven\u00ed &#8222;HTML tag&#8220;. Na screenu m\u016f\u017eete vid\u011bt toto nastaven\u00ed u elementu heading. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/musilda.cz\/wp-content\/uploads\/2021\/03\/editheading.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"653\" height=\"627\" src=\"https:\/\/musilda.cz\/wp-content\/uploads\/2021\/03\/editheading.png\" alt=\"\" class=\"wp-image-5898\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/03\/editheading.png 653w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/03\/editheading-300x288.png 300w\" sizes=\"(max-width: 653px) 100vw, 653px\" \/><\/a><\/figure>\n\n\n\n<p>Bohu\u017eel, Elementor p\u0159i ulo\u017een\u00ed na stran\u011b serveru, neprov\u00e1d\u00ed kontrolu a u\u017eivatel\u00e9, v\u010detn\u011b redaktora, jsou schopni ulo\u017eit spustiteln\u00fd javascript u postu, nebo str\u00e1nky. <\/p>\n\n\n\n<p>I kdy\u017e redaktor nem\u00e1 pr\u00e1vo publikovat, sta\u010d\u00ed, aby si \u0161\u00e9fredaktor zobrazil koncept a javascript se spust\u00ed. <\/p>\n\n\n\n<p>Bohu\u017eel, tato zranitelnost se net\u00fdk\u00e1 jen elementu heading, ale i dal\u0161\u00edch, jako je nejpou\u017e\u00edvan\u011bj\u0161\u00ed prvek &#8211; column. Ten akceptuje parametr html_tag a umo\u017e\u0148uje vlo\u017eit inline script, kter\u00fd m\u016f\u017ee nap\u0159\u00edklad na\u010d\u00edst \u0161kodliv\u00fd extern\u00ed js soubor.<\/p>\n\n\n\n<p>Dal\u0161\u00edmi elementy jsou accordion, icon box a image box. <\/p>\n\n\n\n<p>Pokud m\u00e1te tedy na webu verzi ni\u017e\u0161\u00ed, jak 3.1.2, nev\u00e1hejte s aktualizac\u00ed. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>T\u00fdm WordFence objevil p\u0159ed n\u011bkolika dny v\u00e1\u017enou zranitelnost v popul\u00e1rn\u00edm pluginu Elementor, kter\u00fd je v sou\u010dasn\u00e9 dob\u011b instalov\u00e1n na sedmi milionech web\u016f. Tak jak je zvykem, informoval p\u0159ed publikac\u00ed o zranitelnosti t\u00fdm v\u00fdvoj\u00e1\u0159\u016f Elementoru a ten druh\u00e9ho b\u0159ezna vydal verzi 3.1.2, jen\u017e zranitelnost opravuje. Pokud m\u00e1te na sv\u00e9m webu star\u0161\u00ed verzi, nev\u00e1hejte s aktualizac\u00ed, v\u00fdvoj\u00e1\u0159<\/p>\n","protected":false},"author":1,"featured_media":9469,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-5897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/5897"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=5897"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/5897\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/9469"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=5897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=5897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=5897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}