Lucene search
WPScanCVELIST:CVE-2023-0336HistoryMar 27, 2023 - 3:37 p.m.
CVE-2023-0336 OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-03-2715:37:38
WPScan
www.cve.org
2
ooohboi steroids
elementor
wordpress
csrf
access control
attachment deletion
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
CNA Affected
[
{
"vendor": "Unknown",
"product": "OoohBoi Steroids for Elementor",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.1.5"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
prion
prion
Improper access control
2023-03-27 16:15:00
nvd
nvd
CVE-2023-0336
2023-03-27 16:15:08
cve
cve
CVE-2023-0336
2023-03-27 16:15:08
wpexploit
wpexploit
OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
wordfence
wordfence