Beta

Report

OoohBoi Steroids for Elementor <= 2.1.4 is vulnerable to Missing Authorization leading to Authenticated (Subscriber+) Image Upload vulnerability

Subscriber
Published
2023-04-18

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.

CVE

https://www.cve.org/CVERecord?id=CVE-2023-1169

CVSS

Score:4.3

Severity:Medium

Version: 2.1.4

There is a patch available in v2.1.5 and we strongly recommend you update to this version as soon as possible.