Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbJrXnmWPVDB-ID:31FDABB0-BC74-4D25-B0CD-C872AAE6CB2F
HistoryJan 03, 2022 - 12:00 a.m.

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action

2022-01-0300:00:00
JrXnm
wpscan.com
6
asset cleanup
reflected cross-site scripting
ajax action
sanitize
escape
posted parameters
xss

EPSS

0.001

Percentile

41.8%

JSON

The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue

PoC

Related

cve 1
prion 1
nvd 1
cnvd 1
cvelist 1
patchstack 1
wpexploit 1
openvas 1
cve
cve
CVE-2021-24983
2022-02-01 13:15:09
prion
prion
Cross site scripting
2022-02-01 13:15:00
nvd
nvd
CVE-2021-24983
2022-02-01 13:15:09
cnvd
cnvd
WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability
2022-02-10 00:00:00
cvelist
cvelist
CVE-2021-24983 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action
2022-02-01 12:21:34
patchstack
patchstack
WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability via AJAX Action
2022-01-03 00:00:00
wpexploit
wpexploit
Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action
2022-01-03 00:00:00
openvas
openvas
WordPress Asset CleanUp: Page Speed Booster Plugin < 1.3.8.5 Multiple XSS Vulnerabilities
2022-02-08 00:00:00

EPSS

0.001

Percentile

41.8%

JSON
Related for WPVDB-ID:31FDABB0-BC74-4D25-B0CD-C872AAE6CB2F
cve1prion1nvd1cnvd1cvelist1patchstack1wpexploit1openvas1