5 matches found
WordPress Autoptimize plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'aopostpreload' Meta Value vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Autoptimize versions = 3.1.14...
CVE-2026-2352
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...
CVE-2026-2352 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...
CVE-2026-2352
The Autoptimize WordPress plugin (affected: all versions up to 3.1.14) is vulnerable to Stored Cross-Site Scripting via the ao_post_preload meta value. The root cause is insufficient input sanitization in ao_metabox_save() and missing output escaping when rendering the value into a tag in autopt...
CVE-2026-2352
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...