10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. id: CVE-2023-5559 info: name: 10Web Booster 2.24.18 - Unauthenticated Arbitra...

Exploit for CVE-2025-13377

CVE-2025-13377 – 10Web Booster ≤ 2.32.7 – Authenticated Arbitr...

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...

CVE-2025-13377

The vulnerability CVE-2025-13377 affects the WordPress plugin “10Web Booster – Website speed optimization, Cache & Page Speed optimizer”, specifically in get_cache_dir_for_page_from_url() across all versions up to and including 2.32.7. The underlying issue is insufficient file path validation, en...

PT-2025-49354

Name of the Vulnerable Software and Affected Versions 10Web Booster versions prior to 2.32.8 Description The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the...

WordPress plugin 10Web Booster 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

WordPress plugin 10Web Booster security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

VulnCheck KEV: CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...