cleantalk
Vulnerabilities and Security Researches

10Web Booster – Website speed optimization, Cache & Page Speed optimizer, a5844136834f85b2f395ec698651bb0c6473b351

CVE, Research URL

a5844136834f85b2f395ec698651bb0c6473b351

Home page URL

Security reports for 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Application

10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Published on
Oct 29, 2023
Research Description
10Web Booster &#8211; Website speed optimization, Cache &amp; Page Speed optimizer [tenweb-speed-optimizer] < 2.24.18 10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the option value being supplied to the two_init_flow_score and the two_init_flow_score functions hooked via nopriv AJAX in all versions up to, and including, 2.24.14. This makes it possible for unauthenticated attackers to delete arbitrary option values from the site.
Affected versions
max 2.24.18.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Support Ticket (e84585851242702267d5dea9c66917a9ed7789e5) , Jun 16, 2026
Support Ticket (887d08d5f6f5bdbcd7cb32b84595218871242343) , Jun 16, 2026
Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal (28a90cb9e1aab33eaf118ec9377b0583d4db37cb) , Jun 16, 2026
Real Testimonials (b608d2d1-b757-427b-a079-32792c2a8d42) , Jun 16, 2026
Real Testimonials (8f1e70a958ba31272d3a21553ce89d5910ae5628) , Jun 16, 2026