Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.4
OoohBoi Steroids for Elementor plugin allows attackers to inject malicious scripts
CVE-2026-3034
Summary
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to a security risk where attackers can inject malicious code into a website. This can happen when an authenticated user with contributor-level access or above clicks on a specially crafted link. To protect your website, update the plugin to the latest version or remove it if you're not using it.
Original title
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions...
Original description
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected element.
nvd CVSS3.1
6.4
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://wordpress.org/plugins/ooohboi-steroids-for-elementor/#developers
- https://plugins.trac.wordpress.org/browser/ooohboi-steroids-for-elementor/tags/2...
- https://plugins.trac.wordpress.org/browser/ooohboi-steroids-for-elementor/tags/2...
- https://plugins.trac.wordpress.org/browser/ooohboi-steroids-for-elementor/tags/2...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9c2de78e-8530-416b-ade...
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026