Title: WPEngine Vulnerability Alert Last modified: July 26, 2023 --- # WPEngine Vulnerability Alert * Resolved [mkulawik](https://wordpress.org/support/users/mkulawik/) * (@mkulawik) * [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/) * Hello, I received the following alert from WPEngine about this plugin: * “ utilizing a vulnerable version of the Asset CleanUp: Page Speed Booster plugin. * At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability. * WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration. * Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:  [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999) [https://wpscan.com/vulnerability/58ab5352-d783-431a-b0a5-382381cc13fd](https://wpscan.com/vulnerability/58ab5352-d783-431a-b0a5-382381cc13fd)“ * Are you aware of this? Are there plans to address this? Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [Gabe Livan](https://wordpress.org/support/users/gabelivan/) * (@gabelivan) * [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/#post-16925557) * [@mkulawik](https://wordpress.org/support/users/mkulawik/) no, I am not. Thanks for reporting this! I assume you already use the latest version and this is something they just discovered. Of course, once I am aware of the actual vulnerability, a new version will be pushed with the fix. * Thread Starter [mkulawik](https://wordpress.org/support/users/mkulawik/) * (@mkulawik) * [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/#post-16925589) * Thanks Gabe! I appreciate it. We just got the notice from WP Engine Security_ Plugin Vulnerability Notification system yesterday. We’re using Version 1.3.9.2 of the plugin. * Plugin Author [Gabe Livan](https://wordpress.org/support/users/gabelivan/) * (@gabelivan) * [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/#post-16926865) * [@mkulawik](https://wordpress.org/support/users/mkulawik/) Last time I’ve checked the following URL – [https://wpscan.com/plugin/wp-asset-clean-up](https://wpscan.com/plugin/wp-asset-clean-up)– there was an “X” there and a notice that the problem wasn’t solved. Now, it shows that it was been fixed. It looks like it was a glitch on their end and they mistakenly marked it as not solved. Asset CleanUp does not use “Freemius SDK”. It hasn’t for years. I’ll mark this topic as “resolved”. * [dbp](https://wordpress.org/support/users/optimus203/) * (@optimus203) * [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/#post-16930236) * Thank you Gabe! I was seeing this same issue. * Thread Starter [mkulawik](https://wordpress.org/support/users/mkulawik/) * (@mkulawik) * [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/#post-16942908) * Thank you! Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘WPEngine Vulnerability Alert’ is closed to new replies. * ![](https://ps.w.org/wp-asset-clean-up/assets/icon-256x256.png?rev=1981952) * [Asset CleanUp: Page Speed Booster](https://wordpress.org/plugins/wp-asset-clean-up/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-asset-clean-up/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-asset-clean-up/) * [Active Topics](https://wordpress.org/support/plugin/wp-asset-clean-up/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-asset-clean-up/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-asset-clean-up/reviews/) * 7 replies * 3 participants * Last reply from: [mkulawik](https://wordpress.org/support/users/mkulawik/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/wpengine-vulnerability-alert/#post-16942908) * Status: resolved