PT-2026-26591 · WordPress · Rockpress

Phong Nguyen · Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-3550

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: RockPress versions up to and including 1.0.17

Description: The RockPress plugin for WordPress is susceptible to a missing authorization issue. This is due to the absence of capability checks on several AJAX actions: rockpress_import, rockpress_import_status, rockpress_last_import, rockpress_reset_import, and rockpress_check_services. The plugin’s nonce is exposed to all authenticated users through an unconditionally enqueued admin script. Specifically, the ‘rockpress-admin’ script is enqueued on all admin pages, including profile.php, without any restrictions, and the nonce for the ‘rockpress-nonce’ action is passed to this script via wp_localize_script(). Because the AJAX handlers only verify the nonce and never call current_user_can(), any authenticated user, even one with Subscriber-level access, can read the nonce from the HTML source of any admin page and use it to trigger imports, reset import data, check service connectivity, and read import status information, all of which should be restricted to administrators.

Recommendations: Update RockPress to a version later than 1.0.17.
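The distinction the advisory relies on, a nonce check (anti-CSRF) versus a capability check (authorization), shown as an added illustration that is not RockPress code. The handler and enqueue function names, the 'manage_options' capability and the page hook suffix are assumptions; only the action and nonce names come from the advisory.

```php
<?php
// Added illustration, not the plugin's own code. The nonce only proves the
// request originated from a page that rendered it; since every logged-in
// user can view admin pages that enqueue the script, the nonce alone does
// not establish that the caller is allowed to run the action.

// Weak pattern described in the advisory (kept unregistered here):
// nonce verified, capability never checked.
function rockpress_ajax_import_weak() {
    check_ajax_referer( 'rockpress-nonce', 'nonce' );
    // ... start the import ...
    wp_send_json_success( array( 'status' => 'started' ) );
}

// Hardened handler: nonce check for CSRF plus an explicit capability check.
// wp_send_json_error() ends the request, so nothing below it runs.
function rockpress_ajax_import_hardened() {
    check_ajax_referer( 'rockpress-nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) { // assumed capability
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // ... start the import ...
    wp_send_json_success( array( 'status' => 'started' ) );
}
add_action( 'wp_ajax_rockpress_import', 'rockpress_ajax_import_hardened' );

// Hardened enqueue: expose the script and its nonce only on the plugin's own
// admin page rather than on every admin page such as profile.php.
function rockpress_enqueue_admin( $hook_suffix ) {
    if ( 'toplevel_page_rockpress' !== $hook_suffix ) { // assumed hook suffix
        return;
    }
    wp_enqueue_script( 'rockpress-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'rockpress-admin', 'rockpress', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'rockpress-nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'rockpress_enqueue_admin' );
```

The same two-part check (check_ajax_referer() followed by current_user_can()) applies to each of the five actions the advisory lists, not just the import handler shown.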

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2026-3550

Affected Products: Rockpress