Arbitrary Option Deletion Vulnerability in 10Web Booster WordPress Plugin

Arbitrary Option Deletion Vulnerability in 10Web Booster WordPress Plugin

CVE-2023-5559 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

Learn more about our Wordpress Pen Testing.