cleantalk
Vulnerabilities and Security Researches

Asset CleanUp: Page Speed Booster, CVE-2021-24983

CVE, Research URL

CVE-2021-24983

Home page URL

Security reports for Asset CleanUp: Page Speed Booster

Application

Asset CleanUp: Page Speed Booster

Published on
Feb 01, 2022
Research Description
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.3.6.7.
Status
vulnerable
Previous vulnerability researches
Asset CleanUp: Page Speed Booster (CVE-2024-53738) , Dec 02, 2024
Asset CleanUp: Page Speed Booster (CVE-2024-43314) , Aug 20, 2024
Asset CleanUp: Page Speed Booster (CVE-2021-24937) , Jun 06, 2024
Asset CleanUp: Page Speed Booster (CVE-2021-24983) , Jun 06, 2024
Asset CleanUp: Page Speed Booster (CVE-2021-36899) , Jun 06, 2024
New vulnerability
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2026-5371) , May 13, 2026
bunny.net – WordPress CDN Plugin (CVE-2025-68049) , May 13, 2026
BJ Lazy Load (CVE-2026-2300) , May 13, 2026
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2021-47941) , May 13, 2026