Lucene search
China National Vulnerability DatabaseCNVD-2022-19814HistoryFeb 10, 2022 - 12:00 a.m.
WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability
2022-02-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
0.001 Low
EPSS
Percentile
40.3%
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp:Page Speed Booster WordPress plugin prior to version 1.3.8.5 is vulnerable to a cross-site scripting vulnerability, which stems from the fact that the wpacu_selected_sub _tab_area parameter is not escaped before it is exported back to the properties of the admin page. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| WordPress Asset CleanUp:Page Speed Booster plugin <1. | eq | 3.8.5 |
Related
cve
cve
CVE-2021-24937
2022-02-01 13:15:08
patchstack
patchstack
wpexploit
wpexploit
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
2022-01-03 00:00:00
cvelist
cvelist
CVE-2021-24937 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
2022-02-01 12:21:32
prion
prion
Cross site scripting
2022-02-01 13:15:00
nvd
nvd
CVE-2021-24937
2022-02-01 13:15:08
wpvulndb
wpvulndb
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
2022-01-03 00:00:00
openvas
openvas