cleantalk
Vulnerabilities and Security Researches

OoohBoi Steroids for Elementor, CVE-2023-1169

CVE, Research URL

CVE-2023-1169

Home page URL

Security reports for OoohBoi Steroids for Elementor

Application

OoohBoi Steroids for Elementor

Published on
Jun 09, 2023
Research Description
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.
Affected versions
max 2.1.5.
Status
vulnerable
Previous vulnerability researches
OoohBoi Steroids for Elementor (CVE-2023-1169) , Jun 07, 2024
OoohBoi Steroids for Elementor (CVE-2023-0336) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026