Async JavaScript

Vulnerabilities 7Slug async-javascriptLatest version 2.21.08.31WordPress.org →

Minimum safe version

2.21.06.29

Update to 2.21.06.29 or later to address 7 fixable vulnerabilities

Latest available2.21.08.31
Medium 6.4
2025-10-18< 2.20.02.27

CVE-2020-36854

CVE
N/A
2020-02-27< 2.20.02.27

Async JavaScript <= 2.19.07.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Wordfence
N/A
2021-06-13< 2.21.06.29

Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting

Wordfence
N/A
< 2.20.02.27

Async Javascript &lt; 2.20.02.27 - Subscriber+ Stored XSS via Plugin Settings Change

WPScan
N/A
< 2.21.06.29

Async JavaScript &lt; 2.21.06.29 - Authenticated (admin+) Stored XSS

WPScan
N/A
2020-02-27< 2.20.02.27

WordPress Async JavaScript plugin <= 2.19.07.14 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2021-06-29< 2.21.06.29

WordPress Async JavaScript plugin <= 2.20.12.09 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack