Approved changes feed: RSS · Atom

cpe:2.3:a:10web:10web_booster:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor10Web (a48aaa7e-f686-5cd9-9b59-60b5c3bf60d0)
Product10Web Booster (01ad6317-e8ab-5b71-b77f-8a118fd36eb2)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-13377 vulnerable 2026-06-08 07:04:32.100530 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache
CRITICAL (9.6)
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.
Published: 2025-12-06T06:39:09.191Z
Updated: 2026-04-08T17:34:03.487Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5559 vulnerable 2026-06-08 06:19:44.026742 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
Published: 2023-11-27T16:22:06.218Z
Updated: 2024-08-02T07:59:44.808Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.