VYPR

Ooohboi Steroids For Elementor

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-3034MedMar 5, 2026
    risk 0.42cvss 6.4epss 0.00

    The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers,…

  • CVE-2023-0336MedMar 27, 2023
    risk 0.42cvss 6.5epss 0.01

    The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.

  • CVE-2023-1169MedJun 9, 2023
    risk 0.21cvss 4.3epss 0.01

    The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload…