3 matches found
CVE-2025-13401
creationtimestamp| type| source ---|---|--- 2025-12-03 15:54:57+00:00| seen| https://gist.github.com/Darkcrai86/94ee27215232f832e281972fe68c11b2...
CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...
WordPress Autoptimize plugin <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Autoptimize versions = 3.1.13...