cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for tenweb-speed-optimizer

Jun 16, 2026

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # 5e59882377ab9d5ea82b5007b310743230d1f332

Date
Jan 25, 2023
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.12.23
10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to SQL Injection via the filtered_ids parameter in versions up to, and including, 2.12.23 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 2.12.23.
Status
vulnerable

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # 97a495fe33c84cb495e8f979f58615f6312d8099

Date
Feb 23, 2023
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.13.45
WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin <= 2.13.44 is vulnerable to Cross Site Scripting (XSS)
Update the WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin to the latest available version (at least 2.13.45).
Wordfence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.13.45.
Affected versions
max 2.13.45.
Status
vulnerable

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # de0f92533bfc2aebdfa825d005fcdb3e009b8a79

Date
Oct 29, 2023
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.24.18
WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin <= 2.24.14 is vulnerable to Settings Change
Update the WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin to the latest available version (at least 2.24.18).
An unknown person discovered and reported this Settings Change vulnerability in WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin. This vulnerability has been fixed in version 2.24.18.
Affected versions
max 2.24.18.
Status
vulnerable

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # 182b53a19005ff35d62bd24481e57e153c925f15

Date
Feb 21, 2023
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.13.45
10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check within the settings import functionality in versions up to, and including, 2.13.44. This makes it possible for unauthenticated attackers to conduct cross-site scripting attacks by injecting arbitrary web scripts in the two_delay_custom_js setting that will execute whenever a user accesses an injected page.
Affected versions
max 2.13.45.
Status
vulnerable

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # a5844136834f85b2f395ec698651bb0c6473b351

Date
Oct 29, 2023
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.24.18
10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the option value being supplied to the two_init_flow_score and the two_init_flow_score functions hooked via nopriv AJAX in all versions up to, and including, 2.24.14. This makes it possible for unauthenticated attackers to delete arbitrary option values from the site.
Affected versions
max 2.24.18.
Status
vulnerable

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # fc200a6e9c12da568e368ba326276d36c052bd46

Date
Jan 26, 2023
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.12.23
WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin <= 2.12.22 is vulnerable to SQL Injection
Update the WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin to the latest available version (at least 2.12.23).
Unknown discovered and reported this SQL Injection vulnerability in WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information and creating new administrator accounts. This vulnerability has been fixed in version 2.12.23.
Affected versions
max 2.12.23.
Status
vulnerable
Jan 11, 2026

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # CVE-2025-13377

CVE, Research URL

CVE-2025-13377

Date
Dec 06, 2025
Research Description
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.
Affected versions
max 2.32.11.
Status
vulnerable
Jun 07, 2024

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # d7af6af80f71fc4d8db1ce428911050a1d5504ba

Date
Nov 19, 2022
Research Description
10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.8.35
10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation
The 10Web Booster plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the two_deactivate_plugin function in versions up to, and including, 2.8.34. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to deactivate incompatible plugins.
Affected versions
max 2.8.35.
Status
vulnerable

10Web Booster – Website speed optimization, Cache & Page Speed optimizer # CVE-2023-5559

CVE, Research URL

CVE-2023-5559

Date
Nov 27, 2023
Research Description
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
Affected versions
max 2.24.18.
Status
vulnerable