62 matches found
PT-2022-10596 · WordPress · Asset Cleanup: Page Speed Booster
Name of the Vulnerable Software and Affected Versions: Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Description: The issue is related to an Authenticated Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into...
WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguyen Van Khanh Patchstack Alliance WordPress Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Solution Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...
WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp:Page Speed Booster WordPress plugin prior to version 1.3.8.5 is vulnerable to a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...
WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language.Asset CleanUp:Page Speed Booster WordPress plugin in versions prior to 1.3.8.5 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and outpu...
WordPress Asset CleanUp: Page Speed Booster Plugin < 1.3.8.5 Multiple XSS Vulnerabilities
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24983
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24983
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24937
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24983 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24937
The CVE-2021-24937 entry concerns the WordPress plugin Asset CleanUp: Page Speed Booster prior to version 1.3.8.5. The root cause is improper escaping of the wpacu_selected_sub_tab_area parameter in admin-page output, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Multiple sources...
CVE-2021-24937 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin 跨站脚本漏洞
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp:Page Speed Booster WordPress plugin prior to version 1.3.8.5 is vulnerable to a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...
WordPress plugin跨站脚本漏洞
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language.Asset CleanUp:Page Speed Booster WordPress plugin in versions prior to 1.3.8.5 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and outpu...
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action
The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue alert/XSS/" / var form1 = document.getElementById'hack'; form1.submit;...
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
The plugin does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
The plugin does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue PoC...
WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Asset CleanUp plugin versions = 1.3.8.4. Solution Update the WordPress Asset CleanUp plugin to the latest available version at least 1.3.8.5...
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action
The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue PoC...
WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability via AJAX Action
Reflected Cross-Site Scripting XSS vulnerability via AJAX Action discovered by JrXnm in WordPress Asset CleanUp plugin versions = 1.3.8.4. Solution Update the WordPress Asset CleanUp plugin to the latest available version at least 1.3.8.5...