CSRF and Broken Access Control Vulnerabilities in OoohBoi Steroids for Elementor WordPress Plugin

CSRF and Broken Access Control Vulnerabilities in OoohBoi Steroids for Elementor WordPress Plugin

CVE-2023-0336 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.

Learn more about our Wordpress Pen Testing.