{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5559", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-10-12T14:55:58.100Z", "datePublished": "2023-11-27T16:22:06.218Z", "dateUpdated": "2024-08-02T07:59:44.808Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-11-27T16:22:06.218Z"}, "title": "10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "10Web Booster", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "2.24.18"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service."}], "references": [{"url": "https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Krzysztof Zaj\u0105c", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.808Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:10web:10web_booster:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3DAA777F-5807-4D4F-8A86-E904B2A70665", "versionEndExcluding": "2.24.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service."}, {"lang": "es", "value": "El complemento 10Web Booster de WordPress anterior al 24.2.18 no valida el nombre de opci\u00f3n dado a algunas acciones AJAX, lo que permite a usuarios no autenticados eliminar opciones arbitrarias de la base de datos, lo que lleva a la denegaci\u00f3n de servicio."}], "id": "CVE-2023-5559", "lastModified": "2023-11-30T20:19:30.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-27T17:15:08.927", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/eba46f7d-e4db-400c-8032-015f21087bbf"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}