{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-29T09:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890"}, {"tags": ["x_refsource_MISC"], "url": "https://wp-rocket.me/changelog"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8872"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890", "refsource": "MISC", "url": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890"}, {"name": "https://wp-rocket.me/changelog", "refsource": "MISC", "url": "https://wp-rocket.me/changelog"}, {"name": "https://wpvulndb.com/vulnerabilities/8872", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8872"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.939Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wp-rocket.me/changelog"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8872"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11658", "datePublished": "2017-07-26T15:00:00.000Z", "dateReserved": "2017-07-26T00:00:00.000Z", "dateUpdated": "2024-08-05T18:12:40.939Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DE590550-9E64-4A97-ABF7-53B5DEA5F2C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2FCACF92-3F5F-40A6-A6FC-0F5E750670E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3127480F-F9B4-4539-9ED8-AF6FA6AF95C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CB23D069-3680-4D57-A45E-8F5998840268", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "914C1A92-F5ED-40C6-AE1D-F761F600EDF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E8A4E293-9605-42FE-A1B5-7FC9E5133E1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9DF8D9F8-9D3C-4FDD-B1E0-5BA18CC16370", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:1.3.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "191EAAE6-DC40-4E3F-9127-09E18BB27701", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "505A4169-8C32-4163-98BB-331D0085076E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EBF17953-FD42-438A-BDA6-283EC5A38FC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B187A5E2-A53F-4028-9399-F8913572B92F", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "15DF3B42-6A90-4073-B46D-85C4EA91E934", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8FC1478F-A293-4214-BA5C-64E804B09F92", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.0.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "15BF3CE2-63E1-452D-BF13-C45A5FB0D2F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1E7C618D-3829-4194-A14E-436B82B8E721", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1FA3D72B-8C9F-46F4-A788-742380866840", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6AD653B2-0DFA-4BC3-965B-7C8032D2A697", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "60CF945B-3963-4F74-B4FC-70814AA1C394", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "03FDF275-CD9F-48C7-91C5-666FA28CA0F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.2.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "186340C3-60C9-4D1A-A794-A6FF7FD5245A", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "522168A9-4D08-4CDC-ABDD-E130D8891269", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "47C19AB9-9858-4B71-B2A1-ABF713625747", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "59D73F47-AED8-419E-9AFE-5DE0C0BE53DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE406318-CF3D-40CB-9150-D1DB78872C4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "15D44F2F-117C-4700-8012-591658ADC9CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "009A4DBA-7829-491C-99FD-36EB75219AA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C2D083B6-DA28-4E6C-9EB4-23AC1D6C454D", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8899BFA0-867E-45FD-B8C1-8BF78C9CAD4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE7D2EEC-05A8-49E5-8AF1-34A0ED8F12A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A1218861-7461-43E2-97A0-7F7B9792BFC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "079056BE-7970-4FA1-AD39-E60776F7ED83", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.3.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "88C81A66-DB12-4CC2-921B-8CB1C0C56C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.4.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FDF181E6-F30B-41E0-A533-64311D205315", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4DF5CD80-C15A-41B0-BE93-2DCDF4E99866", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "28869339-74FE-4108-A487-AD52DDDB313C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9A5E2717-0EB8-426D-9C9D-9FE6D102AD04", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DF051BF6-6A4D-4722-BBF5-D6DE08AFEF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2B49A300-032F-49AF-9FB4-D361396DD216", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8CB42A61-E141-4AD1-A9A1-8B607F1DE442", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3A3EF37A-4ADD-4AA9-9A8B-F9CE8C486DE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9304C1A0-DC00-4B76-9822-8ED674EA0906", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C9647B44-A7E9-411D-A361-70C2D2F2426C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4E6A1D0B-EABF-4C09-B716-41FF31A44FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BCC64FA5-2E44-415C-9C53-9492FBADB7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "664F0406-D68B-4B04-9FCE-2D0346862C69", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "080477D9-1FA2-41C0-A010-B98FD468405F", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E68BBA9D-F6E8-4E8D-AC55-49BBD613CEC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.5.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8035B861-8532-470E-9086-A0AC251527A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D25CA333-5CE0-4673-8576-818CF5FD20E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "323B178D-EDE2-43FD-A25F-06EEDF0972F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7FC10E2B-8F85-495A-97CA-AC764EDA9DC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2E8C2CD3-0B38-45D5-934F-66D4B253DFC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C8F039C3-B46C-451E-85FB-A6F95407BF9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "846E3BD9-11DA-4004-9749-051F22FCF6FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E20BF544-6E8E-401C-96B6-E873B7BAB6F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C00682F5-A103-40D3-83A6-2908A5F422AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1C74E1E6-01BE-4119-BB2B-5F7DB70B21C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "20614A15-758A-4CE2-B399-AD16C72EAFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CE925A09-E172-437A-961D-3001608B378B", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E2005A1F-BA74-43E5-A29F-63E093B865C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2656367B-09E8-49DA-9618-D38E6D3A7614", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "328524A1-278B-4105-BD3B-4A045C05B198", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "441FEDC1-41CC-4A6D-8D93-EAFFAB924C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F4A2C7CD-00FD-48D6-8577-C3756FA2BA96", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.6.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "07489703-482E-4E8E-BE6B-BA9B861DFCC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.7.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "086A1BA0-4667-41DF-8B36-9293E0C6FB15", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.7.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "307C5A42-A035-411C-93FF-70588A0BABC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.7.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "57DF001B-245A-4AD2-B0C3-D35FC0BDB0EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.7.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8EF3A5F4-411B-4377-8205-6CB787C2DCE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.7.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2D4970F8-0425-4333-957A-10B058C01EEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "22E49101-DBCD-473D-9550-593AB9D57AE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A8AE1C49-EE09-42F1-94BB-A7684B337FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F816A4CD-723F-483B-8115-C6DDD5362CD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6762EF26-1EE9-449F-8EE4-04E545FE54A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "34B53033-0037-43F2-9A52-EEEF49516A50", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "294F2DDD-1C6D-4AE6-A472-AA2B52697BDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BA42031A-F1FD-4C3E-B67E-ABBE247590DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5CB7E5F7-8EB8-44F2-A6D4-A5FDD09264DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4F8B8521-6B39-4925-BE73-7A083F67AE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4C852816-FC67-4625-8009-4A594962650E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A83F278-7F8F-4257-AC66-BDF29C2E7E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EE8BC797-9717-4799-B7AA-9A6FF48243D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5DADB00D-95B2-4B36-B531-50F2BD99597F", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "67D9996B-02C2-4886-9FFB-55FDF9B00B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "06993847-E213-4FD9-9E4B-FDA759F293C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FDC992F8-A687-417F-858C-3EA58267322E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A0E3FAC-5BD4-482E-9C65-D1A90AEC4AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.17:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F4E65F96-F6FF-40A3-99B3-765A65C4916B", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.18:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E89D6124-F117-4508-9B2B-7F6FFB9DD6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.19:*:*:*:*:wordpress:*:*", "matchCriteriaId": "441DA0FF-CA02-4378-9C79-2452689B33FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.20:*:*:*:*:wordpress:*:*", "matchCriteriaId": "11FEE42D-B075-4405-B8EC-4B6E84BE149D", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.21:*:*:*:*:wordpress:*:*", "matchCriteriaId": "07B9F100-2E71-4C8D-A35D-805BE6C521BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.8.23:*:*:*:*:wordpress:*:*", "matchCriteriaId": "593E2898-798E-4D27-AD30-E89D4B665F75", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CFAD0798-D129-45D7-BB34-1B132620EEEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F492E828-B1A4-48A5-BB9A-A4B21FF22CDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EEE58EF4-7141-4F91-8E57-52A8A064298B", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9AC4A290-6F60-4E31-B87F-F70ACA0471A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D12B85FE-7187-4F72-8E1F-6DFE1693AA15", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "57206522-62AE-4FCB-A6A6-46CD993F7EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9BAF2690-E9F7-4B63-8B60-B9090911C346", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3A4E290E-1A92-432C-9A3E-845B2E4CB4EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "63CD0478-B6F8-44A6-A3F2-07A272E7C83A", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.8.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8EE1A656-8C61-467D-98D4-16E5261F5D8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "47DDE391-D3DC-4309-A755-3E47BF9C1D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "84C52DD0-E046-4293-97F5-85A0EF82BE99", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.9.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F9FF47A0-156D-4224-9945-7B6D7C28CC2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.10.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AB72E496-A2F6-4F5E-A512-9F1886FCF04C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.10.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A6DD0842-6CEF-46BF-8839-B725FF5A15C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.10.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CE11ACF1-63E4-4BB6-B240-6ED1036318A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wp-rocket:wp-rocket:2.10.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "91017243-DCE3-4611-98BB-6656F6886559", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack."}, {"lang": "es", "value": "En el plugin Rocket WP versi\u00f3n 2.9.3 para WordPress, la t\u00e9cnica de mitigaci\u00f3n de Inclusi\u00f3n de Archivos Locales es un corte transversal de caracteres (..) -- sin embargo, esto es insuficiente para detener los ataques remotos y se puede omitir mediante el uso 0x00 bytes, como es demostrado por un ataque .%00.../.%00.../."}], "id": "CVE-2017-11658", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-26T15:29:00.250", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wp-rocket.me/changelog"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://wpvulndb.com/vulnerabilities/8872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wp-rocket.me/changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://wpvulndb.com/vulnerabilities/8872"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}