76 matches found
CVE-2026-57671
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...
CVE-2026-57671 WordPress perfmatters plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...
CVE-2026-57671
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-13251
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2026-13251 Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
EUVD-2026-41272
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2026-13251
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions = 2.6.4...
CVE-2026-56047
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
EUVD-2026-39708
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-56047
CVE-2026-56047 concerns the WordPress perfmatters plugin, affected versions <= 2.6.3. The connected sources confirm an unauthenticated cross-site scripting (XSS) vulnerability, with the CVSSv3.1 base score of 7.1 (HIGH). The attack vector is network, with low attack complexity, requiring user ...
CVE-2026-56047 WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
Exploit for CVE-2026-4350
CVE-2026-4350 - Perfmatters WordPress Arbitrary File Deletion...
WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
EUVD-2026-21262
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351
CVE-2026-4351 concerns the Perfmatters WordPress plugin (≤ 2.5.9). The issue arises from PMCS::action_handler() handling bulk activate/deactivate actions without proper authorization or nonce verification. User-supplied $_GET['snippets'][] values are passed unsanitized to Snippet::activate()/Snip...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...