cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-asset-clean-up wp-asset-clean-up

Direction: ascending
Jun 06, 2024

Asset CleanUp: Page Speed Booster # CVE-2021-24937

CVE, Research URL

CVE-2021-24937

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Date
Feb 01, 2022
Research Description
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.3.8.5.
Status
vulnerable

Asset CleanUp: Page Speed Booster # CVE-2021-24983

CVE, Research URL

CVE-2021-24983

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Date
Feb 01, 2022
Research Description
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.3.6.7.
Status
vulnerable

Asset CleanUp: Page Speed Booster # CVE-2021-36899

CVE, Research URL

CVE-2021-36899

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Date
Oct 11, 2022
Research Description
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.
Affected versions
max 1.3.6.7.
Status
vulnerable
Aug 20, 2024

Asset CleanUp: Page Speed Booster # CVE-2024-43314

CVE, Research URL

CVE-2024-43314

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Date
Nov 01, 2024
Research Description
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3.
Affected versions
max 1.3.9.4.
Status
vulnerable
Dec 02, 2024

Asset CleanUp: Page Speed Booster # CVE-2024-53738

CVE, Research URL

CVE-2024-53738

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Date
Dec 01, 2024
Research Description
Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.8.
Affected versions
max 1.3.9.8.
Status
vulnerable
May 13, 2026

Asset CleanUp: Page Speed Booster # CVE-2026-45212

CVE, Research URL

CVE-2026-45212

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Date
May 12, 2026
Research Description
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.4.0.3.
Affected versions
max 1.4.0.4.
Status
vulnerable