CVE-2026-28044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4...

CVE-2026-28044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4...

CVE-2026-28044 WordPress WP Rocket plugin <= 3.19.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4...

CVE-2026-28044

The CVE-2026-28044 entry concerns WP Rocket (WordPress plugin)

WordPress plugin WP Rocket 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2017-3270

Malware in sbrugna...

WP Rocket &lt; 2.10.3 - Local File Inclusion (LFI)

Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...

WordPress WP Rocket < 2.10.3 - Local File Inclusion Vulnerability

Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...

WordPress WP Rocket 2.10.3 Local File Inclusion Exploit

Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...

SUSE CVE-2017-11658

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters .. -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack...

WordPress WP Rocket plugin <=2.10.3 - Local File Inclusion (LFI) vulnerability

Local File Inclusion LFI vulnerability discovered by Paulos Yibelo in WordPress WP Rocket plugin 2.10.3 and earlier versions. Requires an older deprecated PHP version that is vulnerable to null byte injection. Solution Update WordPress WP Rocket plugin to the latest available version at least...

WordPress WP Rocket Plugin Security Bypass Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . WP Rocket plugin is one of the cache optimization plugin . A security vulnerability exists in version 2.9.3 of...

CVE-2017-11658

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters .. -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack...

CVE-2017-11658

WP Rocket plugin for WordPress (version 2.9.3) is vulnerable to a Local File Inclusion bypass. The mitigation that trims traversal sequences (..) is ineffective when attackers can inject 0x00 bytes, enabling a remote attacker to bypass security restrictions via a null-byte injection (illustrated ...

WP Rocket <= 2.10.3 - Local File Inclusion (LFI)

Requires older versions of PHP that are vulnerable to null byte injection...