CVE-2023-5559
CRITICAL EXPLOITED NUCLEI10Web Booster < 2.24.18 - Unauthenticated Denial of Service via Arbitrary Option Deletion
Title source: llmExploitation Summary
CVE-2023-5559 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
Nuclei Templates (1)
10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
CRITICALVERIFIEDby daffainfo
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf
Scores
CVSS v3
9.1
EPSS
0.0281
EPSS Percentile
84.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
VulnCheck KEV
2023-10-29
Status
published
Products (1)
10web/10web_booster
< 2.24.18
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026