CVE-2026-3220

🗓️ 18 May 2026 06:00:08Reported by WPScanType

Unauthenticated stored cross site scripting in Autoptimize, Clearfy Cache and Speed Optimizer via minify placeholders.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-3220	18 May 202606:00	–	attackerkb
Circl	CVE-2026-3220	18 May 202608:42	–	circl
CNNVD	WordPress多款产品跨站脚本漏洞	18 May 202600:00	–	cnnvd
Cvelist	CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library	18 May 202606:00	–	cvelist
EUVD	EUVD-2026-30736	18 May 202606:00	–	euvd
NVD	CVE-2026-3220	18 May 202607:16	–	nvd
Positive Technologies	PT-2026-41636	18 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-3220	5 Jun 202619:50	–	redhatcve
Vulnrichment	CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library	18 May 202606:00	–	vulnrichment

Vulners

Node

autoptimize autoptimizeRange<3.1.15wordpress

clearfy_cacheRange<2.4.2wordpress

siteground speed_optimizerRange<7.7.9wordpress

[
  {
    "vendor": "Unknown",
    "product": "Autoptimize",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.1.15"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Clearfy Cache",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.4.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Speed Optimizer",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "7.7.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/3ceabf11-23cd-4c38-ba14-014348b0ff2d/

18 May 2026 17:05Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.8

EPSS0.00016

SSVC

CWE-79