CVE-2026-3220

CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...

CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution in the setNestedProperty function when processing translation catalog keys containing reserved properties such as proto, constructor, o...

@0xchain/empty (>=0.0.1 <=1.1.0-beta.4), @0xchain/expandable-text (>=0.0.1 <=1.1.0-beta.18) +107 more potentially affected by unknown CVE via icu-minify (=4.11.1)

icu-minify NPM version =4.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-minify and may be impacted: - @0xchain/empty =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.1.1, =2.2.0, =2.5...

@0xchain/empty (>=0.0.1 <=1.1.0-beta.4), @0xchain/expandable-text (>=0.0.1 <=1.1.0-beta.18) +107 more potentially affected by unknown CVE via icu-minify (=4.11.1)

icu-minify NPM version =4.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-minify and may be impacted: - @0xchain/empty =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.1.1, =2.2.0, =2.5...

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

GHSA-R27J-894H-3W3P mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution via the formatSelect function. An attacker can cause the application to crash and trigger a server error by supplying specially crafted...

WordPress AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization plugin <= 2.9.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Add Expires Headers & Optimized Minify versions = 2.9.2...

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

CVE-2026-7040 Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

CVE-2026-7040

CVE-2026-7040 affects Text::Minify::XS for Perl, with versions from v0.3.0 up to, but not including, v0.7.8. The vulnerability is a heap overflow/heap corruption that occurs when processing certain malformed UTF-8 characters, as the minify functions mishandled those inputs. The issue is tied to t...

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

CVE-2026-7040 Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

EUVD-2026-25833

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minnify...

PT-2026-35416

Name of the Vulnerable Software and Affected Versions Text::Minify::XS versions 0.3.0 through 0.7.7 Description A heap overflow occurs when processing certain malformed UTF-8 characters. The minify function and its alias minify utf8 mishandle these characters, which leads to heap corruption...

Text::Minify::XS 安全漏洞

Text::Minify::XS is a text compression tool developed by Robert Rothenberg, designed to quickly remove excess whitespace from multi-line texts. Versions of Text::Minify::XS from v0.3.0 to v0.7.8 contained security vulnerabilities. These vulnerabilities were caused by a stack overflow vulnerabilit...

CVE-2026-3191

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...

WordPress Minify HTML plugin <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Minify HTML versions = 2.1.12...