Lucene search
HistoryMar 27, 2023 - 4:15 p.m.
CVE-2023-0336
ooohboi
steroids
elementor
wordpress
csrf
access control
vulnerabilities
attachment
delete
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
20.0%
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
Affected configurations
Node
ooohboi_steroids_for_elementor_projectooohboi_steroids_for_elementorRange<2.1.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ooohboi_steroids_for_elementor_project | ooohboi_steroids_for_elementor | * | cpe:2.3:a:ooohboi_steroids_for_elementor_project:ooohboi_steroids_for_elementor:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
prion
prion
Improper access control
2023-03-27 16:15:00
cvelist
cvelist
cve
cve
CVE-2023-0336
2023-03-27 16:15:08
wpexploit
wpexploit
OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
20.0%
Related for NVD:CVE-2023-0336