Description
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
Related CPE's
References
https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895
ExploitThird Party Advisory
https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-03-27T16:15:08.067
2 years agoLast modified
2025-02-19T20:15:33.370
4 months ago