What is CVE-2023-5559?

CVE-2023-5559 is a vulnerability in 10web Booster, classified under CWE-862 MISSING AUTHORIZATION. Published 2023-11-27.

Is CVE-2023-5559 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in 10web Booster

CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

EPSS: 0.525 (98.0th percentile) — read the EPSS interpretation.

Affected products

Unknown 10web Booster — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores

References

wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2023-5559?: CVE-2023-5559 is a vulnerability in 10web Booster, classified under CWE-862 MISSING AUTHORIZATION. Published 2023-11-27.
Is CVE-2023-5559 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.