CVE-2023-5559

CRITICAL EXPLOITED NUCLEI

10web Booster < 2.24.18 - Denial of Service

Title source: rule

Description

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

Nuclei Templates (1)

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

CRITICALVERIFIEDby daffainfo

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf

Scores

CVSS v3 9.1

EPSS 0.5248

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

VulnCheck KEV 2023-10-29

Status published

Products (1)

10web/10web_booster < 2.24.18

Published Nov 27, 2023

Tracked Since Feb 18, 2026