CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/05 4:15 a.m.•6 views

Exploits0References6

CVE-2026-3034

6.4CVSS0.00197EPSS

ATTACKERKB•added 2026/03/05 3:23 a.m.•2 views

CVE-2026-3034

Vulnrichment•added 2026/03/05 3:23 a.m.•3 views

Exploits0References6

CVE-2026-3034 OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls

CVE•added 2026/03/05 3:23 a.m.•34 views

CVE-2026-3034

CVE-2026-3034 — OoohBoi Steroids for Elementor (WordPress) supports Stored Cross-Site Scripting via _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link parameters in all versions up to 2.1.24. The vulnerability permits authenticated attackers with Contributor-level access or higher to injec...

Cvelist•added 2026/03/05 3:23 a.m.•29 views

CVE-2026-3034 OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls

6.4CVSS0.00197EPSS

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin OoohBoi Steroids for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00197EPSS

Patchstack•added 2026/03/04 10:56 p.m.•4 views

WordPress OoohBoi Steroids for Elementor plugin <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple URL Controls vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin OoohBoi Steroids for Elementor versions = 2.1.24...

6.4CVSS5.9AI score0.00197EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/05/23 5:34 a.m.•4 views

CVE-2023-0336

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.5CVSS7AI score0.01003EPSS

RedhatCVE•added 2025/05/23 2:31 a.m.•4 views

CVE-2023-1169

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4.3CVSS7.1AI score0.00573EPSS

Exploits0References1

Vulnrichment•added 2023/06/09 5:33 a.m.•34 views

CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload

4.3CVSS6.6AI score0.00573EPSS

Exploits0References3

Cvelist•added 2023/06/09 5:33 a.m.•15 views

CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload

4.3CVSS4.8AI score0.00573EPSS

Exploits0References3

CVE•added 2023/06/09 5:33 a.m.•42 views

CVE-2023-1169

CVE-2023-1169 affects the WordPress plugin OoohBoi Steroids for Elementor . The root cause is a missing capability check in the function file_uploader_callback , allowing an unauthorised user with subscriber privileges to upload image attachments. Affected versions are up to and including 2.1.4 ;...

4.3CVSS4.4AI score0.00573EPSS

Exploits0References3Affected Software1

WPVulnDB•added 2023/04/18 12:0 a.m.•14 views

OoohBoi Steroids for Elementor < 2.1.5 - Arbitrary File Upload

The plugin does not properly protect its fileuploadercallback function with capability checks, which makes it possible for attackers with a low-privilege account, like subscribers, to upload image attachments to the site...

4.3CVSS6.9AI score0.00573EPSS

Exploits0Affected Software1

Patchstack•added 2023/03/28 12:0 a.m.•8 views

WordPress OoohBoi Steroids for Elementor Plugin <= 2.1.4 is vulnerable to Arbitrary File Deletion

Software OoohBoi Steroids for Elementor Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0336 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 0eee208c0039 Credits Lana Codes...

6.5CVSS6.5AI score0.01003EPSS

Exploits2References4Affected Software1

OSV•added 2023/03/27 4:15 p.m.•1 views

CVE-2023-0336

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.5CVSS6.9AI score0.01003EPSS

NVD•added 2023/03/27 4:15 p.m.•11 views

CVE-2023-0336

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.5CVSS6.7AI score0.01003EPSS

Vulnrichment•added 2023/03/27 3:37 p.m.•7 views

CVE-2023-0336 OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.7AI score0.01003EPSS

Cvelist•added 2023/03/27 3:37 p.m.•15 views

CVE-2023-0336 OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.9AI score0.01003EPSS