PT-2026-41636 · WordPress · Autoptimize+2

Matthew Rollings · Published 2026-05-18 · Updated 2026-05-18 · CVE-2026-3220

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Autoptimize versions prior to 3.1.15
Clearfy Cache versions prior to 2.4.2
Speed Optimizer versions prior to 7.7.9

Description

Unauthenticated Stored Cross-Site Scripting (XSS) is possible due to a predictable replacement hash used during the HTML minification process and the abuse of a regular expression. This allows an attacker to anticipate the placeholder format and inject arbitrary HTML attributes into the final HTML output.

Recommendations

Update Autoptimize to version 3.1.15 or later.
Update Clearfy Cache to version 2.4.2 or later.
Update Speed Optimizer to version 7.7.9 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-3220

Affected Products

Autoptimize
Clearfy Cache
Speed Optimizer