3 matches found
CVE-2021-24937
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24937
The CVE-2021-24937 entry concerns the WordPress plugin Asset CleanUp: Page Speed Booster prior to version 1.3.8.5. The root cause is improper escaping of the wpacu_selected_sub_tab_area parameter in admin-page output, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Multiple sources...
CVE-2021-24937 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...