• WordPress Plugin WP Rocket is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Rocket version 2.10.3 is vulnerable; prior versions may also be affected.

• Update to plugin version 2.10.4 or latest

• • https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890
  • https://wp-rocket.me/changelog

• 

• CVE-2017-11658

• CWE-22

• Missing Update File Inclusion

• WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6)
• WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Cross-Site Scripting Vulnerabilities (2.1.20)
• WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
• WordPress Plugin WordPress Access Areas Security Bypass (1.3.0)
• WordPress Plugin Jetpack by WordPress.com Security Bypass (2.9.2)