CVE-2025-13377

Name of the Vulnerable Software and Affected Versions 10Web Booster versions prior to 2.32.8

Description The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the get cache dir for page from url() function. Authenticated attackers possessing Subscriber-level access or higher can delete arbitrary folders on the server, potentially resulting in data loss or a denial of service. The get cache dir for page from url() function is vulnerable.

Recommendations Update 10Web Booster to version 2.32.8 or later.