MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-3034

🟡 MEDIUM

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up...

Published
Mar 05, 2026
Last Modified
Mar 05, 2026
Views
3
Bookmarks
0

Description

Request Expert Review

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected element.

CVSS Scores

CVSS 3.1 6.4
6.4
MEDIUM
CVSS 2.0 6.4

References

plugins.trac.wordpress.org plugins.trac.wordpress.org plugins.trac.wordpress.org wordpress.org www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Received

Related CVEs

CVE-2026-3523

MEDIUM

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is...

Score: 4.9

CVE-2026-2899

MEDIUM

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due...

Score: 6.5

CVE-2026-2365

HIGH

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all ver...

Score: 7.2

CVE-2026-26034

HIGH

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an atta...

Score: 7.8

CVE-2026-26033

MEDIUM

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a u...

Score: 6.7

CVE-2026-29086

MEDIUM

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validat...

Score: 5.4

Share CVE-2026-3034

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-3034 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis