The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-11-27T16:22:06.218Z

Updated: 2024-08-02T07:59:44.808Z

Reserved: 2023-10-12T14:55:58.100Z

Link: CVE-2023-5559

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-27T17:15:08.927

Modified: 2024-11-21T08:42:00.973

Link: CVE-2023-5559

cve-icon Redhat

No data.