Vulnerabilities and security researches forclearfy clearfy

Jun 07, 2024

CVE, Research URL: 9df440d3c42c1908a8ffe08b2ae2048fa8a6b3b6
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: Jun 14, 2022
Research Description: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer [clearfy] < 2.0.5 WordPress Clearfy Cache plugin <= 2.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Clearfy Cache plugin (versions <= 2.0.4). Update the WordPress Clearfy Cache plugin to the latest available version (at least 2.0.5).
Affected versions: max 2.0.5.
Status: vulnerable

CVE, Research URL: CVE-2024-34806
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: May 17, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.
Affected versions: max 2.3.3.
Status: vulnerable

Aug 16, 2024

CVE, Research URL: CVE-2024-43260
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.
Affected versions: max 2.2.5.
Status: vulnerable

Apr 14, 2025

CVE, Research URL: CVE-2024-13337
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: Apr 12, 2025
Research Description: The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.3.3.
Status: vulnerable

CVE, Research URL: CVE-2024-13338
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: Apr 12, 2025
Research Description: The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.3.2.
Status: vulnerable

Jan 27, 2026

CVE, Research URL: CVE-2025-13749
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: Jan 09, 2026
Research Description: The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcr_upm_change_flag" function. This makes it possible for unauthenticated attackers to disable plugin/theme update notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.4.1.
Status: vulnerable

Jun 13, 2026

CVE, Research URL: CVE-2026-3220
Home page URL: Security reports for Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Application: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Date: May 18, 2026
Research Description: The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.
Affected versions: max 2.4.2.
Status: vulnerable