🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Autoptimize

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Autoptimize

Information

Software Type	Plugin
Software Slug	autoptimize (view on wordpress.org)
Software Status	Active
Software Author	optimizingmatters
Software Website	autoptimize.com
Software Downloads	39,292,112
Software Active Installs	1,000,000
Software Record Last Updated	July 26, 2024

9 Vulnerabilities

Autoptimize <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Rules

4.4

CVE-2023-2113

Apr 25, 2023

Researcher: Juampa Rodríguez

Autoptimize <= 3.0.4 - Sensitive Information Disclosure

5.3

CVE-2022-4057

Dec 5, 2022

Researcher: Raad Haddad

Autoptimize <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Settings

5.5

CVE-2022-2635

Jul 19, 2022

Researcher: Raad Haddad

Autoptimize <= 2.8.3 - Stored Cross-Site Scripting

5.5

CVE-2021-24332

May 7, 2021

Researcher: RE-ALTER

Autoptimize <= 2.7.7 - Arbitrary File Upload (and Remote Code Execution) via Import Settings

9.8

CVE-2021-24376

Oct 9, 2020

Researcher: Marcin Węgłowski

Autoptimize <= 2.7.7 - Unsafe File Upload to Cross-Site Scripting

4.8

CVE-2021-24378

Oct 9, 2020

Researcher: Marcin Węgłowski

Autoptimize <= 2.7.7 - Race Condition leading to Remote Code Execution

8.1

CVE-2021-24377

Oct 9, 2020

Researcher: Marcin Węgłowski

Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload

7.2

CVE-2020-24948

Aug 24, 2020

Researcher: Nguyen Van Khanh

Autoptimize <= 2.1.0 - Unauthenticated Local File Inclusion

9.8

CVE ID Unknown

Jun 19, 2017

Researcher: Matt Barry

Title	Status	CVE ID	CVSS	Researchers	Date
Autoptimize <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Rules	Patched	CVE-2023-2113	4.4	Juampa Rodríguez	April 25, 2023
Autoptimize <= 3.0.4 - Sensitive Information Disclosure	Patched	CVE-2022-4057	5.3	Raad Haddad	December 5, 2022
Autoptimize <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Settings	Patched	CVE-2022-2635	5.5	Raad Haddad	July 19, 2022
Autoptimize <= 2.8.3 - Stored Cross-Site Scripting	Patched	CVE-2021-24332	5.5	RE-ALTER	May 7, 2021
Autoptimize <= 2.7.7 - Arbitrary File Upload (and Remote Code Execution) via Import Settings	Patched	CVE-2021-24376	9.8	Marcin Węgłowski	October 9, 2020
Autoptimize <= 2.7.7 - Unsafe File Upload to Cross-Site Scripting	Patched	CVE-2021-24378	4.8	Marcin Węgłowski	October 9, 2020
Autoptimize <= 2.7.7 - Race Condition leading to Remote Code Execution	Patched	CVE-2021-24377	8.1	Marcin Węgłowski	October 9, 2020
Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload	Patched	CVE-2020-24948	7.2	Nguyen Van Khanh	August 24, 2020
Autoptimize <= 2.1.0 - Unauthenticated Local File Inclusion	Patched		9.8	Matt Barry	June 19, 2017

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation