10Web Booster – Website speed optimization, Cache & Page Speed optimizer, d7af6af80f71fc4d8db1ce428911050a1d5504ba
- CVE, Research URL
- Home page URL
- Published on
- Nov 19, 2022
- Research Description
- 10Web Booster – Website speed optimization, Cache & Page Speed optimizer [tenweb-speed-optimizer] < 2.8.35 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation The 10Web Booster plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the two_deactivate_plugin function in versions up to, and including, 2.8.34. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to deactivate incompatible plugins.
- Affected versions
-
max 2.8.35.
- Status
-
vulnerable