vulnerability
WordPress Plugin: tenweb-speed-optimizer: CVE-2023-5559: Authorization Bypass Through User-Controlled Key
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:N/C:N/I:C/A:C) | Oct 29, 2023 | May 15, 2025 | May 15, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:C)
Published
Oct 29, 2023
Added
May 15, 2025
Modified
May 15, 2025
Description
The 10Web Booster – Website speed optimization, Cache and Page Speed optimizer plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the option value being supplied to the two_init_flow_score and the two_init_flow_score functions hooked via nopriv AJAX in all versions up to, and including, 2.24.14. This makes it possible for unauthenticated attackers to delete arbitrary option values from the site.
Solution
tenweb-speed-optimizer-plugin-cve-2023-5559

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.