Viewing 5 replies - 1 through 5 (of 5 total)
  • I’m also worried about this, just saw the result of the security scan by Solid Security installed on my WordPress site. The Solid Security scan result says, “Server Side Request Forgery (SSRF) vulnerability discovered by Zaidan Rizaki (Patchstack Alliance) in WordPress Plugin Asset CleanUp: Page Speed Booster (versions <=1.3.9.8),” writing under the Solution subheading, “If no update is available, you should deactivate the plugin. Muting the issue will exclude it from future scans. Only mute the issue after you’ve confirmed the vulnerability does not affect your site.”

    I have deactivated the plugin for now.

    I hope somebody from AssetCleanup talks about this issue soon, offering a solution for how to continue to safely use the Asset CleanUp Page Speed Booster plugin (it would be great to hear from @gabelivan himself on this issue).

    Thank you.

    Plugin Author Gabe Livan

    (@gabelivan)

    @4smartbiz I’ve checked and, as they mentioned, “this security issue has a low severity impact and is unlikely to be exploited”. However, a fix is being applied and it will be ready in the next release, which will be released sooner, as no one wants this kind of thing, even if the security risk is low.

    Ok, I have seen @gabelivan’s reassuring post (my first post is still held “for moderation by our automated system and will be manually reviewed by a volunteer as soon as possible.”)

    Thank you for the update, Gabe!

    Thread Starter 4smartbiz

    (@4smartbiz)

    Yup, I understood it to be a “low priority” threat and the characteristics of the exploit require Admin level permissions, so I’m happy to hear it is being addressed and will be released in a relatively short time frame. Thank you!

    Plugin Author Gabe Livan

    (@gabelivan)

    @4smartbiz @mynewprojectnews as this problem has been addressed in the most recent release, I will mark this topic as “resolved”. If you still have problems with it (e.g. still noticing the vulnerability somewhere in the plugin), let me know and for sure, I will check it out.
