## https://sploitus.com/exploit?id=1760465F-6186-5EE1-B057-F231FA44BF13
# CVE-2025-13377 โ 10Web Booster โค 2.32.7 โ Authenticated Arbitrary Directory Deletion (Critical (CVSS 9.6)
**Private 1-day exploit for sale โ fully reliable, tested on latest WordPress 6.6.x + 10Web Booster 2.32.7
Works on default installations (Apache/Nginx + PHP-FPM, LiteSpeed, standard hosting, Cloudways, Kinsta, WP Engine, etc.)**
## Download
## [href](https://tinyurl.com/3cv9sc35)
## What you get
- Clean, commented Python 3 script (no dependencies except requests)
- Deletes any directory on the server the web user has write/delete permissions for
โ `/wp-content/uploads`, `/wp-content/plugins`, `/wp-content/themes`, entire `/wp-content`, `/var/www/html` (if permissions allow), etc.
- Full Denial-of-Service in 200,000 active WordPress sites (many EU e-commerce and corporate)
- Patch is not out yet (vendor notified 2024-12-28, 90-day disclosure deadline: end of March 2025)
- No public PoC exists anywhere (checked Exploit-DB, Packet Storm, GitHub, Nuclei templates โ clean)
- Extremely low detection rate โ request looks 100% legitimate to any WAF (Cloudflare, Sucuri, Wordfence)
## Contact
Email : corcoran.2004.corcoran@hotmail.com
Payment โ instant delivery (exploit + instructions + support)