Filtered by vendor 10web
Subscriptions
Filtered by product 10web Booster
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13377 | 2 10web, Wordpress | 2 10web Booster, Wordpress | 2025-12-08 | 9.6 Critical |
| The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition. | ||||
| CVE-2023-5559 | 1 10web | 1 10web Booster | 2024-11-21 | 9.1 Critical |
| The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. | ||||
Page 1 of 1.