Filtered by vendor Optimizingmatters
Subscriptions
Filtered by product Autooptimize
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13401 | 2 Optimizingmatters, Wordpress | 2 Autooptimize, Wordpress | 2025-12-04 | 6.4 Medium |
| The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-4057 | 1 Optimizingmatters | 1 Autooptimize | 2025-04-10 | 5.3 Medium |
| The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. | ||||
Page 1 of 1.