Lucene search
WPScanCVE-2023-0336HistoryMar 27, 2023 - 4:15 p.m.
CVE-2023-0336
2023-03-2716:15:08
CWE-352
CWE-862
WPScan
web.nvd.nist.gov
33
ooohboi steroids
elementor
wordpress
plugin
csrf
access control
vulnerability
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
20.0%
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
Affected configurations
Node
ooohboi_steroids_for_elementor_projectooohboi_steroids_for_elementorRange<2.1.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ooohboi_steroids_for_elementor_project | ooohboi_steroids_for_elementor | * | cpe:2.3:a:ooohboi_steroids_for_elementor_project:ooohboi_steroids_for_elementor:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "OoohBoi Steroids for Elementor",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.1.5"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
prion
prion
Improper access control
2023-03-27 16:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-0336
2023-03-27 16:15:08
wpexploit
wpexploit
OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
20.0%
Related for CVE-2023-0336