6 matches found
CVE-2026-45212 WordPress Asset CleanUp: Page Speed Booster plugin <= 1.4.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through = 1.4.0.3...
CVE-2021-24937
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24983
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-36899 WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated admin+ Reflected Cross-Site Scripting XSS vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin = 1.3.8.4 at WordPress...
PT-2022-10596 · WordPress · Asset Cleanup: Page Speed Booster
Name of the Vulnerable Software and Affected Versions: Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Description: The issue is related to an Authenticated Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into...
CVE-2021-24983
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...