Description
WordPress Plugin WP Rocket is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Rocket version 2.10.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.10.4 or latest
References
Related Vulnerabilities
WordPress Plugin Advanced Dewplayer Directory Traversal (1.2)
WordPress Plugin WordPress Leads Cross-Site Scripting (1.6.2)
WordPress Plugin WordPress Photo Gallery by Gallery Bank Unspecified Vulnerability (3.1.26)
WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)
WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.0.77.3)