CVE-2023-5559 – 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

https://notcve.org/view.php?id=CVE-2023-5559

29 Oct 2023 — The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. El complemento 10Web Booster de WordPress anterior al 24.2.18 no valida el nombre de opción dado a algunas acciones AJAX, lo que permite a usuarios no autenticados eliminar opciones arbitrarias de la base de datos, lo que lleva a la denegación de servicio. The 10Web Booster – Website speed o... • https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf • CWE-639: Authorization Bypass Through User-Controlled Key •