Executive Summary

The vulnerability in the OoohBoi Steroids for Elementor WordPress plugin is a Stored Cross-Site Scripting (XSS) issue. It affects all versions up to and including 2.1.24 and involves the URL parameters _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link.

Authenticated attackers with Contributor-level access or higher can exploit this vulnerability by injecting arbitrary web scripts into pages. These scripts execute whenever a user clicks on the injected element, potentially compromising user interactions.

Useful 0 Not Useful 0

Impact Analysis

This Stored Cross-Site Scripting vulnerability can allow attackers with certain access privileges to inject malicious scripts into web pages. When other users interact with these elements, the malicious scripts execute, which can lead to unauthorized actions such as stealing session tokens, redirecting users to malicious sites, or performing actions on behalf of the user.

Because the vulnerability requires Contributor-level access or above, it primarily impacts sites where multiple users have editing permissions, increasing the risk of insider threats or compromised accounts.

The CVSS score of 6.4 indicates a medium severity, reflecting that the attack vector is network-based, requires low attack complexity, and privileges, but no user interaction is needed for the script to execute once injected.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves Stored Cross-Site Scripting via specific URL parameters (_ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link) in the OoohBoi Steroids for Elementor plugin up to version 2.1.24. Detection can focus on identifying usage or presence of these parameters in HTTP requests or monitoring for suspicious script injections in pages using this plugin.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires authenticated users with Contributor-level access or higher to inject scripts, monitoring authenticated user activity for unusual URL parameters or injected scripts is important.'}, {'type': 'list_item', 'content': 'Use web server or proxy logs to search for requests containing the parameters _ob_spacerat_link, _ob_bbad_link, or _ob_teleporter_link.'}, {'type': 'list_item', 'content': "Example command to search Apache or Nginx logs for these parameters: grep -E '_ob_spacerat_link|_ob_bbad_link|_ob_teleporter_link' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': 'Use a web vulnerability scanner or custom scripts to detect stored XSS payloads in pages rendered by the plugin.'}, {'type': 'list_item', 'content': "Inspect the frontend elements with CSS classes like 'ob-spacerat', 'ob-is-breaking-bad', or 'ob-is-teleporter' which are linked to the vulnerable features."}] [1, 4]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to update the OoohBoi Steroids for Elementor plugin to version 2.1.25 or later, where the security vulnerabilities related to the Spacerat, Breaking Bad, and Teleporter link controls have been fixed.

Until the update can be applied, restrict Contributor-level and higher user permissions to trusted users only, as the vulnerability requires authenticated users with such access to exploit.

Consider disabling or removing the vulnerable plugin if an immediate update is not possible.

Monitor and audit user-generated content and URL parameters for suspicious script injections.

Implement Web Application Firewall (WAF) rules to block requests containing the vulnerable URL parameters or suspicious payloads.

Useful 0 Not Useful 0