Vulnerability Description
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ooohboi Steroids For Elementor Project | Ooohboi Steroids For Elementor | < 2.1.5 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895ExploitThird Party Advisory
- https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895ExploitThird Party Advisory
FAQ
What is CVE-2023-0336?
CVE-2023-0336 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
How severe is CVE-2023-0336?
CVE-2023-0336 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0336?
Check the references section above for vendor advisories and patch information. Affected products include: Ooohboi Steroids For Elementor Project Ooohboi Steroids For Elementor.