255 matches found
CVE-2026-2430
The CVE concerns the Autoptimize WordPress plugin. All versions up to 3.1.14 are affected by a stored XSS via the lazy-loading image processing due to an overly permissive regex in add_lazyload that replaces every occurrence of \ssrc= in image tags without scoping to the actual attribute. This en...
CVE-2026-2430 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the add_lazyload function that replaces all occurrences of \ssr...
CVE-2026-2352 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the ao_metabox_save function and missing output escaping when the value is rendered in...
CVE-2026-2352
The Autoptimize WordPress plugin (affected: all versions up to 3.1.14) is vulnerable to Stored Cross-Site Scripting via the ao_post_preload meta value. The root cause is insufficient input sanitization in ao_metabox_save() and missing output escaping when rendering the value into a tag in autopt...
CVE-2026-2352
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the ao_metabox_save function and missing output escaping when the value is rendered in...
PT-2026-26711
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the ao_metabox_save function and missing output escaping when the value is rendere...
PT-2026-26713
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the add_lazyload function that replaces all occurrences of \ssr...
CVE-2025-13401
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function...
CVE-2025-13401
CVE-2025-13401: Autoptimize for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 3.1.13 due to insufficient input sanitization and output escaping in create_img_preload_tag. Exploitation requires authenticated access at Contributor level or higher, allowing injection of s...
EUVD-2025-200973
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function...
CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function...
PT-2025-48810
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function...
WordPress plugin Autoptimize cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...
EUVD-2021-11290
Malware in sbrugna...
EUVD-2023-23599
Malicious code in bioql PyPI...
EUVD-2023-23601
Malicious code in bioql PyPI...
EUVD-2022-34882
Malicious code in bioql PyPI...