10Web Booster – Website speed optimization, Cache & Page Speed optimizer, 182b53a19005ff35d62bd24481e57e153c925f15
- CVE, Research URL
- Home page URL
- Published on
- Feb 21, 2023
- Research Description
- 10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.13.45 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check within the settings import functionality in versions up to, and including, 2.13.44. This makes it possible for unauthenticated attackers to conduct cross-site scripting attacks by injecting arbitrary web scripts in the two_delay_custom_js setting that will execute whenever a user accesses an injected page.
- Affected versions
-
max 2.13.45.
- Status
-
vulnerable