WordPress 10Web Booster plugin <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability

Authenticated Subscriber+ Arbitrary Folder Deletion via twoclearpagecache vulnerability discovered by shark3y in WordPress Plugin 10Web Booster – Website speed optimization, Cache & Page Speed optimizer versions = 2.32.7...

Exploit for CVE-2025-1337

CVE-2025-13377 – 10Web Booster ≤ 2.32.7 – Authenticated Arbitr...

CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

Design/Logic Flaw

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

CVE-2023-5559

The CVE-2023-5559 entry concerns the WordPress plugin 10Web Booster (before version 2.24.18). The vulnerability arises because the plugin does not validate the option name in certain AJAX actions, allowing unauthenticated users to delete arbitrary options from the WordPress database, which leads ...

PT-2023-32175

Name of the Vulnerable Software and Affected Versions 10Web Booster WordPress plugin versions prior to 2.24.18 Description The issue allows unauthenticated users to delete arbitrary options from the database, leading to denial of service, due to the lack of validation of the option name given to...

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

Description The plugin does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type":...

WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin <= 2.24.14 is vulnerable to Settings Change

Software 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Type Plugin Vulnerable versions = 2.24.14 Fixed in 2.24.18 OWASP Top 10 A3: Injection Classification Settings Change CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 75375faf9c46...

WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin <= 2.13.44 is vulnerable to Cross Site Scripting (XSS)

Software 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Type Plugin Vulnerable versions = 2.13.44 Fixed in 2.13.45 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownersh...

WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin <= 2.12.22 is vulnerable to SQL Injection

Software 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Type Plugin Vulnerable versions = 2.12.22 Fixed in 2.12.23 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e811de61c5fb Credi...