10web Booster

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-13377 CRITICAL PATCH Act Now

The 10Web Booster - Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

Path Traversal WordPress Denial Of Service 10web Booster PHP

NVD

CVSS 3.1

9.6

EPSS

0.1%

CVE-2025-13377

EPSS 0% CVSS 9.6

CRITICAL PATCH Act Now

The 10Web Booster - Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

Path Traversal WordPress Denial Of Service +2

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy