CVE-2026-3034

Published
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected element.
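A site owner can audit stored page data for the three settings named above. The following is an added example, not code from the plugin or from this advisory. It assumes the values live in Elementor's `_elementor_data` post meta as link objects with a `url` field, and that a scheme allow-list is an acceptable review criterion; the allow-list, function names and sample data are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Setting names from the CVE description.
LINK_KEYS = ("_ob_spacerat_link", "_ob_bbad_link", "_ob_teleporter_link")
# Assumed allow-list for this audit; "" means a relative or fragment-only URL.
ALLOWED_SCHEMES = {"", "http", "https", "mailto", "tel"}

def check_url(url):
    """Return a reason string if the URL needs review, else None."""
    # Browsers ignore whitespace and control characters when reading the scheme.
    cleaned = "".join(ch for ch in url if ch > " " and ch != "\x7f")
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return "unparseable URL"
    if scheme not in ALLOWED_SCHEMES:
        return f"scheme '{scheme}' not in allow-list"
    if any(ch in cleaned for ch in "\"'<>"):
        return "unencoded quote or angle bracket"
    return None

def audit(elements, path=""):
    """Walk an Elementor element tree; return (path, key, url, reason) tuples."""
    findings = []
    for i, el in enumerate(elements):
        where = f"{path}/{el.get('elType', '?')}[{i}]"
        settings = el.get("settings")
        if isinstance(settings, dict):  # empty settings are serialised as []
            for key in LINK_KEYS:
                value = settings.get(key)
                url = value.get("url", "") if isinstance(value, dict) else value
                reason = check_url(url) if isinstance(url, str) else None
                if reason:
                    findings.append((where, key, url, reason))
        findings += audit(el.get("elements") or [], where)
    return findings

# Constructed sample of one post's _elementor_data value (not real site data).
SAMPLE_META = json.dumps([{"elType": "section", "settings": [], "elements": [
    {"elType": "column",
     "settings": {"_ob_teleporter_link": {"url": "https://example.com/"}},
     "elements": [
        {"elType": "widget", "elements": [],
         "settings": {"_ob_spacerat_link": {"url": " JavaScript:void(0)"}}},
        {"elType": "widget", "elements": [],
         "settings": {"_ob_bbad_link": {"url": "#top"}}}]}]}])

if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE_META)):
        print(*finding, sep=" | ")
```

Findings are candidates for manual review, since the allow-list may flag legitimate but unusual links.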

An awesome set of tools, options and settings that expand Elementor defaults. Instead of creating new Elementor Widgets, these act like an upgrade of existing options or the self-standing panels thing.

What is new?

Fix for the disappearing ‘Glider’ slider

- Add/remove/update preview image
- Export and Import with preview
- Works with any 3rd party plugin
- Cross-domain friendly
- WP Admin integration
- Bulk-export and bulk-import support
- Keep template name on export

Complete Full Tutorial of OoohBoi Extensions: Watch Now (https://www.youtube.com/playlist?list=PLFRO-irWzXaJtlEHcu5yc6azFrvtPKXn0)

WordPress Plugin Directory
1.46M