CSRF and Broken Access Control Vulnerabilities in OoohBoi Steroids for Elementor WordPress Plugin
CVE-2023-0336 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
Learn more about our Wordpress Pen Testing.