vulnerability

WordPress Plugin: tenweb-speed-optimizer: CVE-2023-5559: Authorization Bypass Through User-Controlled Key

Severity
9
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:C)
Published
Oct 29, 2023
Added
May 15, 2025
Modified
May 15, 2025

Description

The 10Web Booster – Website speed optimization, Cache and Page Speed optimizer plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the option value being supplied to the two_init_flow_score and the two_init_flow_score functions hooked via nopriv AJAX in all versions up to, and including, 2.24.14. This makes it possible for unauthenticated attackers to delete arbitrary option values from the site.

Solution

tenweb-speed-optimizer-plugin-cve-2023-5559
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.