Plugin Autoptimize in WordPress has been reported as vulnerable by the SunCSR Team, on the Exploitdb site.
Autoptimize makes optimizing your site really easy. It can aggregate, minify and cache scripts and styles, injects CSS in the page head by default but can also inline critical CSS and defer the aggregated full CSS, moves and defers scripts to the footer and minifies HTML. You can optimize and lazy-load images, optimize Google Fonts, async non-aggregated JavaScript, remove WordPress core emoji cruft and more.
Autoptimize version 2.7.6 has been reported as vulnerable and attackers can easily upload arbitrary files.
A new version was launched 4 days ago to fix this bug.
The new version can be found at the link .