PHPCS Isn’t The Security Solution It Is Sometimes Made Out to Be

Recently, a fairly serious vulnerability was fixed in the WordPress plugin 10Web Booster, which WPScan credits to Krzysztof Zając. The vulnerability allowed anyone, without authentication, to delete arbitrary WordPress options (settings); the most straightforward use of it would have been to take the website offline by removing options it depends on. That the vulnerability existed in the plugin isn’t surprising, considering the developer has a long track record of poor handling of security, including another serious vulnerability found in this plugin earlier this year. After that earlier vulnerability was fixed, the developer ran the plugin through PHP_CodeSniffer (PHPCS), or some variant of it. The results are out of line with the claims made about that software and the related WordPressCS ruleset.

Here was the vulnerable function that led to the option deletion vulnerability: