5 matches found
WordPress Speed Optimizer plugin < 7.7.9 - Unauthenticated Stored XSS via Minify Library vulnerability
Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Speed Optimizer versions 7.7.9...
WordPress Clearfy Cache plugin < 2.4.2 - Unauthenticated Stored XSS via Minify Library vulnerability
Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Clearfy Cache versions 2.4.2...
WordPress Autoptimize plugin < 3.1.15 - Unauthenticated Stored XSS via Minify Library vulnerability
Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Autoptimize versions 3.1.15...
CVE-2026-3220
CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...
CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...