cleantalk
Vulnerabilities and Security Researches

10Web Booster – Website speed optimization, Cache & Page Speed optimizer, 182b53a19005ff35d62bd24481e57e153c925f15

CVE, Research URL

182b53a19005ff35d62bd24481e57e153c925f15

Home page URL

Security reports for 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Application

10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Published on
Feb 21, 2023
Research Description
10Web Booster &#8211; Website speed optimization, Cache &amp; Page Speed optimizer [tenweb-speed-optimizer] < 2.13.45 10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check within the settings import functionality in versions up to, and including, 2.13.44. This makes it possible for unauthenticated attackers to conduct cross-site scripting attacks by injecting arbitrary web scripts in the two_delay_custom_js setting that will execute whenever a user accesses an injected page.
Affected versions
max 2.13.45.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
Alley Business Toolkit (87154e111b969556cb336890f4d16d5782634526) , Jun 16, 2026
Alley Business Toolkit (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Copy or Move Comments (d65776e8-5383-4b0a-82f6-c53751ea882c) , Jun 16, 2026
Copy or Move Comments (24f8cdac9228df7523d58ed6ae2a9ef029ffe0ea) , Jun 16, 2026
Copy or Move Comments (a9725906c4e79783f0e4f70ce0a956d03ef4d430) , Jun 16, 2026