📦

10web_booster

Vendor: 10web

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 26.28% Exploit Prob.

Latest CVE CVE-2025-13377 Dec 06

Security Vulnerability Index

Page 1 / 1

9.6 CVSS

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

EPSS: 0.09%

Severity: CRITICAL

Dec 06, 2025

9.1 CVSS

CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

EPSS: 52.48%

Severity: CRITICAL

Nov 27, 2023

Displaying 2 of 3 Total Entries

Total 1 Sections