CVE-2023-0336

MEDIUM

OoohBoi Steroids for Elementor < 2.1.5 - Unauthenticated Attachment Deletion via CSRF and Broken Access Control

Title source: llm

Description

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities that allow a user with a role as low as subscriber to delete attachments.

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895

Scores

CVSS v3 6.5
EPSS 0.0100
EPSS Percentile 58.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352 CWE-862
Status published
Products (1)
ooohboi_steroids_for_elementor_project/ooohboi_steroids_for_elementor < 2.1.5
Published Mar 27, 2023
Tracked Since Feb 18, 2026