How to fix EUVD-2025-201539?

Within 24 hours: Identify all WordPress installations using 10Web Booster plugin and disable or remove it immediately. Within 7 days: Apply plugin update to version 2.32.8 or later on all affected systems and conduct filesystem integrity verification. Within 30 days: Audit access logs for suspicious file deletion activity, review user account permissions to restrict Subscriber-level access where possible, and implement a plugin management policy requiring automatic security updates.

Is 10web Booster affected by EUVD-2025-201539?

A critical vulnerability in the 10Web Booster WordPress plugin allows attackers with basic user account access to delete arbitrary folders on web servers, potentially resulting in complete data loss or service disruption.

EUVD-2025-201539

| CVE-2025-13377 CRITICAL

2025-12-06 [email protected]

9.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 17:37 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 17:37 euvd

EUVD-2025-201539

Patch Released

Mar 15, 2026 - 17:37 nvd

Patch available

CVE Published

Dec 06, 2025 - 07:15 nvd

CRITICAL 9.6

Description

The 10Web Booster - Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

Analysis

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected Products

Affected products: 10Web 10Web Booster

Remediation

A vendor patch is available — apply it immediately. Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +48

POC: 0

EUVD-2025-201539 vulnerability details – vuln.today

Back

EUVD-2025-201539

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-201539

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code