Wp Rocket
Monthly
WP Rocket, a popular WordPress performance optimization plugin, contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 3.19.4 that allows authenticated attackers with high privileges to inject malicious scripts into web pages. An attacker with administrator or equivalent access can craft specially-formatted input that bypasses input sanitization, resulting in persistent XSS that executes in the browsers of other site users. The vulnerability has a CVSS score of 5.9 (Medium), requiring high privileges and user interaction, with no evidence of active exploitation in the wild or public proof-of-concept code.
WP Rocket, a popular WordPress performance optimization plugin, contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 3.19.4 that allows authenticated attackers with high privileges to inject malicious scripts into web pages. An attacker with administrator or equivalent access can craft specially-formatted input that bypasses input sanitization, resulting in persistent XSS that executes in the browsers of other site users. The vulnerability has a CVSS score of 5.9 (Medium), requiring high privileges and user interaction, with no evidence of active exploitation in the wild or public proof-of-concept code.