Autoptimize

Vulnerabilities 16Slug autoptimizeLatest version 3.1.15.1WordPress.org →

Minimum safe version

3.1.15

Update to 3.1.15 or later to address 16 fixable vulnerabilities

Latest available3.1.15.1 ✓

N/A

2026-03-20< 3.1.15

Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes

Wordfence CVE

N/A

2026-03-20< 3.1.15

Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value

Wordfence CVE

Medium 6.4

2025-12-03< 3.1.14

CVE-2025-13401

CVE Wordfence

Medium 4.8

2023-05-30< 3.1.7

CVE-2023-2113

CVE Wordfence WPScan

N/A

2023-04-25< 3.1.7

WordPress Autoptimize Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-04-23< 3.1.7

WordPress Autoptimize Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2017-06-19< 2.1.1

Autoptimize <= 2.1.0 - Unauthenticated Local File Inclusion

Wordfence

Medium 5.3

2023-01-02< 3.1.0

CVE-2022-4057

CVE Wordfence WPScan

N/A

< 3.1.0

WordPress Autoptimize Plugin <= 3.0.4 is vulnerable to Sensitive Data Exposure

Patchstack

Medium 4.8

2022-09-16< 3.1.1

CVE-2022-2635

CVE Patchstack Wordfence WPScan

N/A

2021-05-04< 2.8.4

WordPress Autoptimize plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack

High 7.2

2020-09-03< 2.7.7

CVE-2020-24948

CVE Patchstack Wordfence WPScan

Medium 4.8

2021-05-24< 2.8.4

CVE-2021-24332

CVE Wordfence WPScan

High 8.1

2021-06-21< 2.7.8

CVE-2021-24377

CVE Patchstack Wordfence WPScan

Critical 9.8

2021-06-21< 2.7.8

CVE-2021-24376

CVE Patchstack Wordfence WPScan

Medium 4.8

2021-06-21< 2.7.8

CVE-2021-24378

CVE Patchstack Wordfence WPScan