Description
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.4.0.3.
Published: 2026-05-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows attackers to bypass the plugin’s access control rules. By exploiting the incorrect configuration of security levels, an attacker could gain unauthorized access to administrative functions normally reserved for privileged users. This could lead to unauthorized changes to site optimization settings, potentially compromising site performance or security. At its core, the flaw is a classic privilege escalation weakness, identified as CWE-862.

Affected Systems

The affected product is the WordPress plugin Asset CleanUp: Page Speed Booster developed by Gabe Livan. All releases from the earliest version through version 1.4.0.3 are vulnerable, as the issue was present up to and including that version.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity vulnerability. No EPSS score is currently available and the flaw is not listed in CISA’s KEV catalog. The likely attack vector is a remote web interface, where an unauthenticated or minimally authenticated user could request privileged API endpoints. While the exploitation path is straightforward once the vulnerability is discovered, the lack of widespread exploitation reports means the immediate risk remains moderate until a patch is applied.

Generated by OpenCVE AI on May 12, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify the version of the Asset CleanUp: Page Speed Booster plugin installed on each site instance.
  • Upgrade the plugin to a version newer than 1.4.0.3 or to the latest release from the vendor.
  • Re‑evaluate the plugin’s access control settings to confirm that only authenticated administrators can access privileged functionality, or disable any configuration that allows broad permissions.
  • If an upgrade is temporarily infeasible, restrict the plugin’s functionality by disabling it for non‑admin users or by removing the plugin entirely until a patch can be deployed.

Generated by OpenCVE AI on May 12, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Gabe Livan
Gabe Livan asset Cleanup: Page Speed Booster
Wordpress
Wordpress wordpress
Vendors & Products Gabe Livan
Gabe Livan asset Cleanup: Page Speed Booster
Wordpress
Wordpress wordpress

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 11:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.4.0.3.
Title WordPress Asset CleanUp: Page Speed Booster plugin <= 1.4.0.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Gabe Livan Asset Cleanup: Page Speed Booster
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T13:21:08.616Z

Reserved: 2026-05-11T14:11:52.757Z

Link: CVE-2026-45212

cve-icon Vulnrichment

Updated: 2026-05-12T13:20:55.420Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T11:16:20.610

Modified: 2026-05-12T14:03:52.757

Link: CVE-2026-45212

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:39:02Z

Weaknesses