WordPress Community Forum

WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 15, 2022, 10:26 AM

Title: WordPress Clearfy Cache plugin <= 2.0.4 - Cross-Site Scripting Vulnerability
Post by: Kailash on Jun 15, 2022, 10:26 AM
WordPress Clearfy Cache plugin <= 2.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Vulnerable versions: <= 2.0.4
Fixed in: 2.0.5
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Clearfy Cache plugin (versions <= 2.0.4).

Solution

Update the WordPress Clearfy Cache plugin to the latest available version (at least 2.0.5).

Plugin Link: https://wordpress.org/plugins/clearfy/