Description
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-11849 | The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue |
References
History
No history.
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-03T19:49:13.474Z
Reserved: 2021-01-14T00:00:00.000Z
Link: CVE-2021-24937
No data.
Status : Modified
Published: 2022-02-01T13:15:08.997
Modified: 2026-06-17T03:41:09.753
Link: CVE-2021-24937
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD