CVE-2017-11658
WP Rocket plugin for WordPress (version 2.9.3) is vulnerable to a Local File Inclusion bypass. The mitigation that trims traversal sequences (..) is ineffective when attackers can inject 0x00 bytes, enabling a remote attacker to bypass security restrictions via a null-byte injection (illustrated ...