CVE-2023-5559: 
WordPress vulnerability analysis and mitigation

The 10Web Booster WordPress plugin before version 2.24.18 contains a security vulnerability identified as CVE-2023-5559. This vulnerability stems from the plugin's failure to validate option names in certain AJAX actions, which allows unauthenticated users to delete arbitrary options from the database. The vulnerability was discovered and publicly disclosed on October 31, 2023, affecting all versions of the plugin prior to 2.24.18 (WPScan).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 9.1 (CRITICAL), indicating its severe nature. The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, meaning it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impact on integrity and availability (NVD).

When exploited, this vulnerability can lead to denial of service by allowing attackers to delete arbitrary options from the WordPress database. For example, deleting critical site options like 'siteurl' can cause the site to become non-functional (WPScan).

The vulnerability has been patched in version 2.24.18 of the 10Web Booster plugin. Site administrators are strongly advised to update to this version or later to protect their installations (WPScan).