Lucene search
K

62 matches found

Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-10596 · WordPress · Asset Cleanup: Page Speed Booster

Name of the Vulnerable Software and Affected Versions: Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Description: The issue is related to an Authenticated Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into...

4.8CVSS4.9AI score0.00442EPSS
Exploits0References3
Patchstack
Patchstack
added 2022/09/28 12:0 a.m.22 views

WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguyen Van Khanh Patchstack Alliance WordPress Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Solution Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...

4.8CVSS2AI score0.00442EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/02/10 12:0 a.m.20 views

WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp:Page Speed Booster WordPress plugin prior to version 1.3.8.5 is vulnerable to a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...

4.3CVSS1.1AI score0.008EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/02/10 12:0 a.m.17 views

WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language.Asset CleanUp:Page Speed Booster WordPress plugin in versions prior to 1.3.8.5 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and outpu...

4.3CVSS2.4AI score0.00956EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2022/02/08 12:0 a.m.9 views

WordPress Asset CleanUp: Page Speed Booster Plugin < 1.3.8.5 Multiple XSS Vulnerabilities

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS6.3AI score0.00956EPSS
Exploits4References2
OSV
OSV
added 2022/02/01 1:15 p.m.6 views

CVE-2021-24983

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.00956EPSS
Exploits2References1
NVD
NVD
added 2022/02/01 1:15 p.m.21 views

CVE-2021-24983

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.00956EPSS
Exploits2References1
NVD
NVD
added 2022/02/01 1:15 p.m.16 views

CVE-2021-24937

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.008EPSS
Exploits2References1
Prion
Prion
added 2022/02/01 1:15 p.m.15 views

Cross site scripting

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...

4.3CVSS6.1AI score0.008EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/02/01 12:21 p.m.25 views

CVE-2021-24983 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...

6.2AI score0.00956EPSS
Exploits2References1
CVE
CVE
added 2022/02/01 12:21 p.m.42 views

CVE-2021-24937

The CVE-2021-24937 entry concerns the WordPress plugin Asset CleanUp: Page Speed Booster prior to version 1.3.8.5. The root cause is improper escaping of the wpacu_selected_sub_tab_area parameter in admin-page output, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Multiple sources...

6.1CVSS6AI score0.008EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/01 12:21 p.m.24 views

CVE-2021-24937 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.2AI score0.008EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.4 views

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp:Page Speed Booster WordPress plugin prior to version 1.3.8.5 is vulnerable to a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...

6.1CVSS5.7AI score0.008EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.3 views

WordPress plugin跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language.Asset CleanUp:Page Speed Booster WordPress plugin in versions prior to 1.3.8.5 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and outpu...

6.1CVSS5.6AI score0.00956EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.110 views

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action

The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue alert/XSS/" / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.4AI score0.00956EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.93 views

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting

The plugin does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.2AI score0.008EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.13 views

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting

The plugin does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.4AI score0.008EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/01/03 12:0 a.m.11 views

WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Asset CleanUp plugin versions = 1.3.8.4. Solution Update the WordPress Asset CleanUp plugin to the latest available version at least 1.3.8.5...

6.1CVSS2.2AI score0.008EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.17 views

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action

The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS2.8AI score0.00956EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/01/03 12:0 a.m.23 views

WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability via AJAX Action

Reflected Cross-Site Scripting XSS vulnerability via AJAX Action discovered by JrXnm in WordPress Asset CleanUp plugin versions = 1.3.8.4. Solution Update the WordPress Asset CleanUp plugin to the latest available version at least 1.3.8.5...

6.1CVSS3.3AI score0.00956EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder