Hello, I received the following alert from WPEngine about this plugin:
“<Your site is> utilizing a vulnerable version of the Asset CleanUp: Page Speed Booster plugin.
At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability.
WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.
Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999
https://wpscan.com/vulnerability/58ab5352-d783-431a-b0a5-382381cc13fd“
Are you aware of this? Are there plans to address this?