37 matches found
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
CVE-2026-3220
CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
EUVD-2026-30736
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
MAL-2026-1539 Malicious code in relay-optimizer-plugin (npm)
The package 'relay-optimizer-plugin' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in relay-optimizer-plugin (npm)
The package 'relay-optimizer-plugin' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
CVE-2026-1319 Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field
The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output...
CVE-2025-12190
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...
CVE-2025-12190 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...
CVE-2025-12190 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...
EUVD-2024-33463
Malicious code in bioql PyPI...
EUVD-2022-51486
Malicious code in bioql PyPI...
CVE-2022-4119
The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2025-4217 WP YouTube Video Optimizer <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ibyoutube' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin WP Database Optimizer 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...
WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Optimizer versions = 1.2.7...
PT-2025-5967 · Zach Swetz · Plugin A/B Image Optimizer
Name of the Vulnerable Software and Affected Versions: Plugin A/B Image Optimizer versions prior to 3.3 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal', in the Zach Swetz Plugin A/B Image Optimizer. This allows fo...
PT-2025-1986 · WordPress · Dental Optimizer Patient Generator App
Name of the Vulnerable Software and Affected Versions: Dental Optimizer Patient Generator App WordPress plugin versions 1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the pag...