CVE-2023-5559

critical

Description

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

References

https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf

Details

Source: Mitre, NVD

Published: 2023-11-27

Updated: 2023-11-30

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02811

Detections

Analytics