Since when does a hacked website gain root? What argument is next, when your storage solution is hacked they have access to your files? Are you not working with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley considering root access gained.
Apart from this privilege escalation is a real threat: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=privilege+escalation
This link is crap, did you even read a few items on this page? Put then a link to the apache httpd root access.
Fact still remains that nobody here on this list has eternal life nor eternal resources, so you would be stupid to focus on your webserver root access exploit instead of roundcube.
Next to that, it is more common these days to use containers so there is not even a webserver that runs root.