Unrated severityNVD Advisory· Published Dec 6, 2025· Updated Apr 8, 2026
10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache
CVE-2025-13377
Description
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- 10web/10Web Booster – Website speed optimization, Cache & Page Speed optimizerv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.