Wp Rocket
Monthly
WP Rocket, a popular WordPress performance optimization plugin, contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 3.19.4 that allows authenticated attackers with high privileges to inject malicious scripts into web pages. An attacker with administrator or equivalent access can craft specially-formatted input that bypasses input sanitization, resulting in persistent XSS that executes in the browsers of other site users. The vulnerability has a CVSS score of 5.9 (Medium), requiring high privileges and user interaction, with no evidence of active exploitation in the wild or public proof-of-concept code.
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WP Rocket, a popular WordPress performance optimization plugin, contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 3.19.4 that allows authenticated attackers with high privileges to inject malicious scripts into web pages. An attacker with administrator or equivalent access can craft specially-formatted input that bypasses input sanitization, resulting in persistent XSS that executes in the browsers of other site users. The vulnerability has a CVSS score of 5.9 (Medium), requiring high privileges and user interaction, with no evidence of active exploitation in the wild or public proof-of-concept code.
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.