WP-Safety

Asset CleanUp: Page Speed Booster Security & Risk Analysis

wordpress.org/plugins/wp-asset-clean-up

Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.

100K active installs v1.4.0.3 PHP 5.6+ WP 4.5+ Updated Mar 12, 2025
defer-css-javascriptdequeueminify-cssminify-javascriptpage-speed
89
A · Safe
CVEs total6
Unpatched0
Last CVENov 27, 2024
Plugin page Download
Safety Verdict

Is Asset CleanUp: Page Speed Booster Safe to Use in 2026?

Generally Safe

Score 89/100

Asset CleanUp: Page Speed Booster has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Nov 27, 2024Updated 1yr ago
Risk Assessment

The wp-asset-clean-up v1.4.0.3 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no exposed AJAX handlers, REST API routes, or shortcodes lacking authentication or permission checks. The vast majority of its SQL queries utilize prepared statements, and a significant portion of its output is properly escaped, indicating good development practices in these areas. The plugin also demonstrates a strong focus on security by implementing numerous nonce and capability checks.

However, several concerning signals are present. The `unserialize` function is used, which is a known source of vulnerabilities if not handled with extreme care, especially when processing untrusted input. While the taint analysis shows no critical or high severity flows, there are two flows with unsanitized paths, which, combined with the use of `unserialize`, warrants further investigation. The vulnerability history reveals six medium-severity CVEs, with common types including SSRF and XSS, which were previously present. The fact that these have been patched is positive, but their recurrence suggests potential recurring coding patterns that could be exploited in future versions if not thoroughly addressed.

In conclusion, while the plugin has made strides in securing its entry points and data handling, the presence of `unserialize` and past vulnerabilities in sensitive areas like SSRF and XSS indicate areas where ongoing vigilance and robust sanitization are crucial. The absence of currently unpatched vulnerabilities is a strength, but the historical pattern suggests a need for continued rigorous security auditing.

Key Concerns

  • Use of unserialize function
  • Flows with unsanitized paths found
  • Previously known medium severity vulnerabilities
Vulnerabilities
6

Asset CleanUp: Page Speed Booster Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
3 CVEs in 2022
2022
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
6

6 total CVEs

CVE-2024-53738medium · 5.5Server-Side Request Forgery (SSRF)

Asset CleanUp: Page Speed Booster <= 1.3.9.8 - Authenticated (Admin+) Server-Side Request Forgery

Nov 27, 2024 Patched in 1.3.9.9 (16d)
CVE-2024-43314medium · 4.3Missing Authorization

Asset CleanUp: Page Speed Booster <= 1.3.9.3 - Missing Authorization

Aug 16, 2024 Patched in 1.3.9.4 (4d)
CVE-2021-36899medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting

Sep 28, 2022 Patched in 1.3.8.5 (482d)
CVE-2021-24983medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting via AJAX Action

Jan 3, 2022 Patched in 1.3.8.5 (750d)
CVE-2021-24937medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting

Jan 3, 2022 Patched in 1.3.8.5 (750d)
WF-dfd638bb-ae0b-403d-8d34-c4b62a749d7f-wp-asset-clean-upmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Asset CleanUp: Page Speed Booster <= 1.3.6.6 - Reflected Cross-Site Scripting

Apr 20, 2015 Patched in 1.3.6.7 (3200d)
Code Analysis
Analyzed Mar 16, 2026

Asset CleanUp: Page Speed Booster Code Analysis

Dangerous Functions
1
Raw SQL Queries
4
38 prepared
Unescaped Output
722
1287 escaped
Nonce Checks
32
Capability Checks
12
File Operations
26
External Requests
12
Bundled Libraries
2

Dangerous Functions Found

unserialize$pluginInfo = @unserialize($body['body']);classes\Admin\MiscAdmin.php:189

Bundled Libraries

jQueryDataTables

SQL Query Safety

90% prepared42 total queries

Output Escaping

64% escaped2009 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

16 flows2 with unsanitized paths
triggersAfterInitFrontendView (classes\MainFront.php:261)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Asset CleanUp: Page Speed Booster Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 233
actionadmin_enqueue_scriptsclasses\Admin\AjaxSearchPagesAutocomplete.php:19
actionadmin_headclasses\Admin\Announcements.php:112
actionadmin_noticesclasses\Admin\Announcements.php:120
actionadmin_initclasses\Admin\Announcements.php:127
actionadmin_footerclasses\Admin\Announcements.php:130
actionadmin_initclasses\Admin\Announcements.php:134
actionadmin_initclasses\Admin\Announcements.php:137
actionwpacu_admin_noticesclasses\Admin\AssetsManagerAdmin.php:143
actionwpacu_admin_noticesclasses\Admin\AssetsManagerAdmin.php:180
actionadmin_initclasses\Admin\CriticalCssAdmin.php:32
actionadmin_initclasses\Admin\CriticalCssAdmin.php:37
actionwpacu_assets_plugin_notice_table_rowclasses\Admin\Info.php:18
actionadmin_footerclasses\Admin\MainAdmin.php:76
actioninitclasses\Admin\MainAdmin.php:81
filterrocket_cache_reject_uriclasses\Admin\MainAdmin.php:92
filteruser_has_capclasses\Admin\MainAdmin.php:100
filterstyle_loader_tagclasses\Admin\MainAdmin.php:106
filterscript_loader_tagclasses\Admin\MainAdmin.php:112
filtershow_admin_barclasses\Admin\MainAdmin.php:120
actionadmin_headclasses\Admin\MainAdmin.php:127
filtershow_admin_barclasses\Admin\MainAdmin.php:297
actionwp_enqueue_scriptsclasses\Admin\MainAdmin.php:302
actionwp_print_footer_scriptsclasses\Admin\MainAdmin.php:305
actionwp_footerclasses\Admin\MainAdmin.php:306
actionshutdownclasses\Admin\MainAdmin.php:336
actionshutdownclasses\Admin\MainAdmin.php:385
filterw3tc_minify_enableclasses\Admin\MainAdmin.php:665
actionshutdownclasses\Admin\MainAdmin.php:1025
actionshutdownclasses\Admin\MainAdmin.php:1038
actionwp_footerclasses\Admin\MainAdmin.php:1323
actionadmin_noticesclasses\Admin\Overview.php:62
actionadmin_noticesclasses\Admin\Overview.php:89
actionadmin_noticesclasses\Admin\Overview.php:116
actionadmin_initclasses\Admin\Plugin.php:43
filteradmin_footer_textclasses\Admin\Plugin.php:47
actioninitclasses\Admin\PluginAnnouncements.php:128
actionadmin_headclasses\Admin\PluginAnnouncements.php:134
actionadmin_footerclasses\Admin\PluginAnnouncements.php:137
actionadmin_noticesclasses\Admin\PluginAnnouncements.php:140
actionadmin_initclasses\Admin\PluginAnnouncements.php:143
actionadmin_initclasses\Admin\PluginAnnouncements.php:147
actionadmin_initclasses\Admin\PluginAnnouncements.php:150
actionadmin_noticesclasses\Admin\PluginReview.php:37
actionadmin_headclasses\Admin\PluginReview.php:46
actionadmin_footerclasses\Admin\PluginReview.php:49
actionadmin_initclasses\Admin\SettingsAdmin.php:27
actionwpacu_admin_noticesclasses\Admin\SettingsAdmin.php:30
actionadmin_footerclasses\Admin\SettingsAdmin.php:34
actionadmin_initclasses\Admin\Tools.php:71
actionwpacu_admin_noticesclasses\Admin\Tools.php:113
actionwpacu_admin_noticesclasses\Admin\Tools.php:131
actionadmin_headclasses\AdminBar.php:18
actionwp_headclasses\AdminBar.php:19
actionadmin_bar_menuclasses\AdminBar.php:21
filterwpacu_get_asset_sizeclasses\AssetsManager.php:47
actionwpacu_admin_noticesclasses\BulkChanges.php:158
actionwpacu_admin_noticesclasses\BulkChanges.php:166
actioninitclasses\CleanUp.php:22
filterthe_generatorclasses\CleanUp.php:71
filterfeed_links_show_posts_feedclasses\CleanUp.php:98
filterfeed_links_show_comments_feedclasses\CleanUp.php:104
filterxmlrpc_enabledclasses\CleanUp.php:114
filterxmlrpc_methodsclasses\CleanUp.php:166
filterwp_headersclasses\CleanUp.php:172
filtertiny_mce_pluginsclasses\CleanUp.php:481
filteremoji_svg_urlclasses\CleanUp.php:483
actioninitclasses\CleanUp.php:505
filterembed_oembed_discoverclasses\CleanUp.php:510
filtertiny_mce_pluginsclasses\CleanUp.php:521
filterrewrite_rules_arrayclasses\CleanUp.php:526
actiondo_feedclasses\CleanUp.php:547
actiondo_feed_rdfclasses\CleanUp.php:548
actiondo_feed_rssclasses\CleanUp.php:549
actiondo_feed_rss2classes\CleanUp.php:550
actiondo_feed_atomclasses\CleanUp.php:551
actiondo_feed_rss2_commentsclasses\CleanUp.php:552
actiondo_feed_atom_commentsclasses\CleanUp.php:553
filtershow_admin_barclasses\CleanUp.php:577
filterautoptimize_filter_noptimizeclasses\CleanUp.php:583
actionplugins_loadedclasses\CleanUp.php:593
filterget_rocket_option_minify_cssclasses\CleanUp.php:598
filterget_rocket_option_minify_concatenate_cssclasses\CleanUp.php:599
filterget_rocket_option_minify_jsclasses\CleanUp.php:601
filterget_rocket_option_minify_concatenate_jsclasses\CleanUp.php:602
filterw3tc_minify_enableclasses\CleanUp.php:605
filtersgo_pb_paramsclasses\CleanUp.php:613
filtersgo_css_combine_excludeclasses\CleanUp.php:620
filtersgo_css_minify_excludeclasses\CleanUp.php:621
filtersgo_js_minify_excludeclasses\CleanUp.php:622
filtersgo_js_async_excludeclasses\CleanUp.php:623
filtersgo_html_minify_exclude_paramsclasses\CleanUp.php:625
actionwp_footerclasses\Debug.php:19
actioncurrent_screenclasses\Lite.php:17
filterduplicate_post_meta_keys_filterclasses\Main.php:210
actionwpclasses\Main.php:236
actioninitclasses\Main.php:256
filterwpacu_filter_styles_list_unloadclasses\Main.php:1036
filterwpacu_filter_scripts_list_unloadclasses\Main.php:1037
actioninitclasses\MainFront.php:48
actionwpclasses\MainFront.php:54
actionwpclasses\MainFront.php:55
actiontemplate_redirectclasses\MainFront.php:57
actiontemplate_redirectclasses\MainFront.php:58
filtershow_admin_barclasses\MainFront.php:72
actionwp_print_stylesclasses\MainFront.php:87
actionwp_print_stylesclasses\MainFront.php:89
actionwp_print_scriptsclasses\MainFront.php:90
actionwp_print_footer_scriptsclasses\MainFront.php:91
filterwpacu_ignore_child_parent_listclasses\MainFront.php:102
actionwp_print_stylesclasses\MainFront.php:107
actionwp_print_stylesclasses\MainFront.php:112
actionwp_print_scriptsclasses\MainFront.php:113
actionwp_print_stylesclasses\MainFront.php:115
actionwp_print_footer_scriptsclasses\MainFront.php:120
filterstyle_loader_tagclasses\MainFront.php:133
filterscript_loader_tagclasses\MainFront.php:140
actionwp_headclasses\MainFront.php:148
filterstyle_loader_tagclasses\MainFront.php:168
filterscript_loader_tagclasses\MainFront.php:207
actionwp_print_stylesclasses\MainFront.php:377
actionwp_loadedclasses\MainFront.php:891
actionwpclasses\Maintenance.php:22
actioninitclasses\Maintenance.php:23
actionadmin_initclasses\Maintenance.php:26
actioninitclasses\Maintenance.php:34
actionwpacu_daily_scheduled_eventsclasses\Maintenance.php:76
actionadmin_menuclasses\Menu.php:37
filteradmin_body_classclasses\Menu.php:43
filterpost_row_actionsclasses\Menu.php:53
filterpage_row_actionsclasses\Menu.php:54
actionadmin_page_access_deniedclasses\Menu.php:56
actionwp_loadedclasses\Menu.php:228
actionadd_meta_boxesclasses\MetaBoxes.php:58
actionadd_meta_boxesclasses\MetaBoxes.php:59
actionwp_headclasses\OptimiseAssets\CriticalCss.php:24
filterwpacu_alter_source_for_critical_cssclasses\OptimiseAssets\CriticalCss.php:33
filterwpacu_critical_cssclasses\OptimiseAssets\CriticalCss.php:38
filterwp_resource_hintsclasses\OptimiseAssets\FontsGoogle.php:44
actionwp_headclasses\OptimiseAssets\FontsGoogle.php:46
actionwp_footerclasses\OptimiseAssets\FontsGoogle.php:47
filterwpacu_html_source_after_optimizationclasses\OptimiseAssets\FontsGoogle.php:55
actioninitclasses\OptimiseAssets\FontsGoogle.php:60
filterstyle_loader_srcclasses\OptimiseAssets\FontsGoogle.php:67
filterwpacu_local_fonts_display_css_outputclasses\OptimiseAssets\FontsLocal.php:18
filterwpacu_local_fonts_display_style_inlineclasses\OptimiseAssets\FontsLocal.php:19
actionwp_headclasses\OptimiseAssets\FontsLocal.php:21
actionswitch_themeclasses\OptimiseAssets\OptimizeCommon.php:59
actionafter_switch_themeclasses\OptimiseAssets\OptimizeCommon.php:60
actioninitclasses\OptimiseAssets\OptimizeCommon.php:65
actionadmin_post_assetcleanup_clear_assets_cacheclasses\OptimiseAssets\OptimizeCommon.php:74
actionadmin_noticesclasses\OptimiseAssets\OptimizeCommon.php:81
actionwp_trash_postclasses\OptimiseAssets\OptimizeCommon.php:87
actiondelete_postclasses\OptimiseAssets\OptimizeCommon.php:88
actionadmin_initclasses\OptimiseAssets\OptimizeCommon.php:91
actionwpclasses\OptimiseAssets\OptimizeCommon.php:99
filterautoptimize_filter_html_before_minifyclasses\OptimiseAssets\OptimizeCommon.php:110
filtercache_enabler_before_storeclasses\OptimiseAssets\OptimizeCommon.php:118
filtercache_enabler_page_contents_before_storeclasses\OptimiseAssets\OptimizeCommon.php:126
filterw3tc_minify_beforeclasses\OptimiseAssets\OptimizeCommon.php:134
filterlitespeed_optm_html_headclasses\OptimiseAssets\OptimizeCommon.php:139
filterlitespeed_optm_html_footclasses\OptimiseAssets\OptimizeCommon.php:146
filterrocket_bufferclasses\OptimiseAssets\OptimizeCommon.php:157
filterhmwp_process_bufferclasses\OptimiseAssets\OptimizeCommon.php:169
filterwpacu_print_info_comments_in_cached_assetsclasses\OptimiseAssets\OptimizeCommon.php:170
filterwpacu_html_source_after_optimizationclasses\OptimiseAssets\OptimizeCommon.php:172
actioninitclasses\OptimiseAssets\OptimizeCommon.php:180
actionwp_loadedclasses\OptimiseAssets\OptimizeCommon.php:201
actioninitclasses\OptimiseAssets\OptimizeCommon.php:206
actionshutdownclasses\OptimiseAssets\OptimizeCommon.php:210
actioninitclasses\OptimiseAssets\OptimizeCss.php:33
actionwp_footerclasses\OptimiseAssets\OptimizeCss.php:35
filterwpacu_html_source_after_optimizationclasses\OptimiseAssets\OptimizeCss.php:45
filterwpacu_add_noscript_certain_link_tagsclasses\OptimiseAssets\OptimizeCss.php:50
filterrocket_async_css_regex_patternclasses\OptimiseAssets\OptimizeCss.php:63
filterstyle_loader_tagclasses\OptimiseAssets\OptimizeCss.php:67
actionwp_print_footer_scriptsclasses\OptimiseAssets\OptimizeJs.php:27
actionadmin_enqueue_scriptsclasses\OwnAssets.php:245
actionwp_enqueue_scriptsclasses\OwnAssets.php:246
actionadmin_enqueue_scriptsclasses\OwnAssets.php:251
actionwp_enqueue_scriptsclasses\OwnAssets.php:252
actionadmin_headclasses\OwnAssets.php:256
actionadmin_footerclasses\OwnAssets.php:257
actionadmin_headclasses\OwnAssets.php:260
actionwp_headclasses\OwnAssets.php:261
actionadmin_footerclasses\OwnAssets.php:263
actionwp_footerclasses\OwnAssets.php:264
filterscript_loader_srcclasses\OwnAssets.php:268
filterstyle_loader_srcclasses\OwnAssets.php:269
filterstyle_loader_tagclasses\OwnAssets.php:271
filterscript_loader_tagclasses\OwnAssets.php:272
actionadmin_headclasses\OwnAssets.php:587
actionwpclasses\PluginTracking.php:29
actioninitclasses\PluginTracking.php:30
actionadmin_initclasses\PluginTracking.php:35
actionwpacu_before_save_settingsclasses\PluginTracking.php:40
actionadmin_noticesclasses\PluginTracking.php:43
actionadmin_headclasses\PluginTracking.php:45
actionadmin_footerclasses\PluginTracking.php:46
actionwpacu_weekly_scheduled_eventsclasses\PluginTracking.php:295
filterwpfc_buffer_callback_filterclasses\Preloads.php:54
actioninitclasses\Preloads.php:60
filterstyle_loader_tagclasses\Preloads.php:65
filterscript_loader_tagclasses\Preloads.php:66
actionwp_headclasses\Preloads.php:69
actionadmin_initclasses\Preloads.php:109
actionwpacu_admin_noticesclasses\Preloads.php:117
filterwpacu_settingsclasses\Settings.php:304
filteradmin_initclasses\Settings.php:316
actioninitclasses\Update.php:85
actionsave_postclasses\Update.php:89
filterwpacu_get_all_assoc_post_idsclasses\Update.php:93
actionwpclasses\Update.php:122
actiontemplate_redirectclasses\Update.php:124
actiontemplate_redirectclasses\Update.php:128
actionwpacu_admin_noticesclasses\Update.php:451
actionwpacu_admin_noticesclasses\Update.php:533
actionlitespeed_disable_allearly-triggers.php:31
filterpre_option_wpo_minify_configearly-triggers.php:36
filtershow_admin_barearly-triggers.php:968
filterwpacu_prevent_any_frontend_optimizationearly-triggers.php:1412
actionregistered_taxonomyearly-triggers.php:1422
actioninitwpacu-load.php:42
actioninitwpacu-load.php:57
actioninitwpacu-load.php:81
actionplugins_loadedwpacu-load.php:106
actioninitwpacu-load.php:117
actioninitwpacu-load.php:184
actionadmin_noticeswpacu.php:66
actioninitwpacu.php:121
actionparse_querywpacu.php:128
actionsetup_themewpacu.php:138
actioninitwpacu.php:162
filterwpacu_prevent_any_frontend_optimizationwpacu.php:184

Scheduled Events 2

wpacu_daily_scheduled_events
wpacu_weekly_scheduled_events
Maintenance & Trust

Asset CleanUp: Page Speed Booster Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 12, 2025
PHP min version5.6
Downloads4.8M

Community Trust

Rating98/100
Number of ratings1,550
Active installs100K
Alternatives

Asset CleanUp: Page Speed Booster Alternatives

Speed Booster By Melotheme

Speed Booster By Melotheme

speed-booster-by-melotheme

A
85

Easy WordPress website Speed & Performance optimization with one click!

10 No CVEs
PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP

PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP

psn-pagespeed-ninja

A
92

Boost page speed: cache, compress, optimize images to WebP, minify CSS/JS, defer loading, lazy load, generate critical CSS, improve Core Web Vitals

6K No CVEs
Better WordPress Minify

Better WordPress Minify

bwp-minify

A
85

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs
NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

nitropack

A
91

Boost site speed and performance with an all-in-one cache and speed optimization plugin. Pass Core Web Vitals with CDN, image optimization, lazy loadi &hellip;

100K 6 CVEs
TinyPNG – JPEG, PNG & WebP image compression

TinyPNG – JPEG, PNG & WebP image compression

tiny-compress-images

A
99

Speed up your website. Optimize your JPEG, PNG, and WebP images automatically with TinyPNG.

100K 1 CVE
Developer Profile

Asset CleanUp: Page Speed Booster Developer Profile

Gabe Livan

1 plugin · 100K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
867 days
View full developer profile
Detection Fingerprints

How We Detect Asset CleanUp: Page Speed Booster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-asset-clean-up/
Script Paths
/wp-content/plugins/wp-asset-clean-up/wpacu-script-admin.js/wp-content/plugins/wp-asset-clean-up/wpacu-script.js/wp-content/plugins/wp-asset-clean-up/wpacu-script-page-specific.js/wp-content/plugins/wp-asset-clean-up/wpacu-script-settings.js
Version Parameters
wp-asset-clean-up/wpacu-script.js?ver=wp-asset-clean-up/wpacu-script-admin.js?ver=wp-asset-clean-up/wpacu-script-page-specific.js?ver=wp-asset-clean-up/wpacu-script-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpacu-settings-main-area
HTML Comments
<!-- WP Asset CleanUp: Manage "<!-- WP Asset CleanUp: "<!-- WP Asset CleanUp: " -->
Data Attributes
wpacu-hide-rowwpacu-settings-main-areawpacu_manage_pluginswpacu_managing_plugins
JS Globals
wpacu_objwpacu_get_current_page_idwpacu_plugin_objwpacu_data
REST Endpoints
/wp-json/wp-asset-clean-up/v1/preferences
FAQ

Frequently Asked Questions about Asset CleanUp: Page Speed Booster