CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
10web10web_booster
𝑥
< 2.24.18
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf
https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf