Vulnerabilities and security researches forwp-asset-clean-up wp-asset-clean-up

May 13, 2026

CVE, Research URL: CVE-2026-45212
Home page URL: Security reports for Asset CleanUp: Page Speed Booster
Application: Asset CleanUp: Page Speed Booster
Date: May 12, 2026
Research Description: Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.4.0.3.
Affected versions: max 1.4.0.4.
Status: vulnerable

Dec 02, 2024

CVE, Research URL: CVE-2024-53738
Home page URL: Security reports for Asset CleanUp: Page Speed Booster
Application: Asset CleanUp: Page Speed Booster
Date: Dec 01, 2024
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.8.
Affected versions: max 1.3.9.8.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43314
Home page URL: Security reports for Asset CleanUp: Page Speed Booster
Application: Asset CleanUp: Page Speed Booster
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3.
Affected versions: max 1.3.9.4.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2021-24937
Home page URL: Security reports for Asset CleanUp: Page Speed Booster
Application: Asset CleanUp: Page Speed Booster
Date: Feb 01, 2022
Research Description: The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue
Affected versions: max 1.3.8.5.
Status: vulnerable

CVE, Research URL: CVE-2021-24983
Home page URL: Security reports for Asset CleanUp: Page Speed Booster
Application: Asset CleanUp: Page Speed Booster
Date: Feb 01, 2022
Research Description: The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue
Affected versions: max 1.3.6.7.
Status: vulnerable

CVE, Research URL: CVE-2021-36899
Home page URL: Security reports for Asset CleanUp: Page Speed Booster
Application: Asset CleanUp: Page Speed Booster
Date: Oct 11, 2022
Research Description: Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.
Affected versions: max 1.3.6.7.
Status: vulnerable