Lucene search
K

76 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-57671

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-57671 WordPress perfmatters plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...

7.1CVSS
Exploits0References1
CVE
CVE
added 7 hours ago6 views

CVE-2026-57671

Technical details are not publicly available in the provided documents. Monitor for updates.

7.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 8 hours ago5 views

CVE-2026-13251

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added 9 hours ago6 views

CVE-2026-13251 Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS
Exploits0References3
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-41272

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added 9 hours ago10 views

CVE-2026-13251

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score
Exploits0References3
Patchstack
Patchstack
added 11 hours ago6 views

WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions = 2.6.4...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago6 views

CVE-2026-56047

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39708

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-56047

CVE-2026-56047 concerns the WordPress perfmatters plugin, affected versions &lt;= 2.6.3. The connected sources confirm an unauthenticated cross-site scripting (XSS) vulnerability, with the CVSSv3.1 base score of 7.1 (HIGH). The attack vector is network, with low attack complexity, requiring user ...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-56047 WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...

7.1CVSS0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS5.7AI score0.00408EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/11 2:46 a.m.103 views

Exploit for CVE-2026-4350

CVE-2026-4350 - Perfmatters WordPress Arbitrary File Deletion...

8.1CVSS5.9AI score0.00658EPSS
Exploits1
Patchstack
Patchstack
added 2026/04/10 12:22 p.m.5 views

WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9...

8.1CVSS5.8AI score0.00408EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/10 2:16 a.m.3 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS0.00408EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 1:24 a.m.26 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS0.00408EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 1:24 a.m.3 views

EUVD-2026-21262

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS6.1AI score0.00408EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 1:24 a.m.21 views

CVE-2026-4351

CVE-2026-4351 concerns the Perfmatters WordPress plugin (≤ 2.5.9). The issue arises from PMCS::action_handler() handling bulk activate/deactivate actions without proper authorization or nonce verification. User-supplied $_GET['snippets'][] values are passed unsanitized to Snippet::activate()/Snip...

8.1CVSS6.1AI score0.00408EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 1:24 a.m.2 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS6.1AI score0.00408EPSS
Exploits0References3
Rows per page
Query Builder