cve/2023/CVE-2023-5559.md

### [CVE-2023-5559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5559)
![](https://img.shields.io/static/v1?label=Product&message=10Web%20Booster&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.24.18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

### POC

#### Reference
- https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-5559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5559)`
			`![](https://img.shields.io/static/v1?label=Product&message=10Web%20Booster&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.24.18%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf`

			`#### Github`
			`No PoCs found on GitHub currently.`