Arbitrary Option Deletion Vulnerability in 10Web Booster WordPress Plugin
CVE-2023-5559 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
Learn more about our Wordpress Pen Testing.