CVE-2023-5559

EUVD-2023-57859
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
10web10web_booster
𝑥
< 2.24.18
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf
https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf