Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-0336
CVE-2023-0336:
WordPress vulnerability analysis and mitigation
Overview
CVE-2023-0336 affects the OoohBoi Steroids for Elementor WordPress plugin versions before 2.1.5. The vulnerability was discovered and publicly disclosed on February 28, 2023, with the last update made on March 28, 2023 (WPScan).
Technical details
The vulnerability combines CSRF (Cross-Site Request Forgery) and broken access control vulnerabilities, which allows users with roles as low as subscriber to delete attachments. The vulnerability has been assigned a CVSS score of 4.3 (medium) and is classified under CWE-862. It falls under the OWASP Top 10 category A5: Broken Access Control (WPScan).
Impact
When exploited, this vulnerability allows unauthorized users with subscriber-level access to delete media attachments from the WordPress installation, potentially leading to content loss and disruption of website functionality (WPScan).
Mitigation and workarounds
The vulnerability has been fixed in version 2.1.5 of the OoohBoi Steroids for Elementor plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management