Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical2

High0

Medium0

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2025-12-11

CVE-2025-13377 - 10web Booster Plugin

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

PLUGIN 10web Booster

CVE-2025-13377

CRITICAL CVSS 9.6 2025-12-06

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-5559 - 10web Booster Plugin

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

PLUGIN 10web Booster

CVE-2023-5559

CRITICAL CVSS 9.1 2023-11-27