Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
WordPress Plugin 'WP Rocket' Unauthenticated File Upload Vulnerability Allows Remote Code Execution
MINI-rqrf-9qrf-gxwx
Summary
An unpatched vulnerability in the WP Rocket plugin for WordPress allows attackers to upload malicious files to a website without a password. This could enable an attacker to execute malicious code on the website, potentially leading to data theft or website takeover. Update the WP Rocket plugin to the latest version to fix this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | chromium | All versions | – |
| – | chromium-lang | All versions | – |
| – | chromium-docker-selenium-compat | All versions | – |
Original title
MINI-rqrf-9qrf-gxwx
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026