CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/10 1:24 a.m.•26 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

8.1CVSS0.00408EPSS

ATTACKERKB•added 2026/04/10 1:24 a.m.•2 views

CVE-2026-4351

8.1CVSS6.1AI score0.00408EPSS

Exploits0References3

Vulnrichment•added 2026/04/10 1:24 a.m.•3 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

8.1CVSS5.9AI score0.00408EPSS

EUVD•added 2026/04/10 1:24 a.m.•3 views

EUVD-2026-21262

8.1CVSS6.1AI score0.00408EPSS

CVE•added 2026/04/10 1:24 a.m.•17 views

CVE-2026-4351

CVE-2026-4351 concerns the Perfmatters WordPress plugin (≤ 2.5.9). The issue arises from PMCS::action_handler() handling bulk activate/deactivate actions without proper authorization or nonce verification. User-supplied $_GET['snippets'][] values are passed unsanitized to Snippet::activate()/Snip...

8.1CVSS6.1AI score0.00408EPSS

CNNVD•added 2026/04/10 12:0 a.m.•4 views

WordPress plugin Perfmatters 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.9AI score0.00408EPSS

Positive Technologies•added 2026/04/10 12:0 a.m.•5 views

PT-2026-31849

Name of the Vulnerable Software and Affected Versions Perfmatters plugin for WordPress versions up to and including 2.5.9 Description The Perfmatters plugin for WordPress is susceptible to arbitrary file overwrite through path traversal. This occurs because the PMCS::action handler method process...

8.1CVSS5.9AI score0.00408EPSS

Exploits0References5

RedhatCVE•added 2026/04/04 11:2 a.m.•3 views

CVE-2026-4350

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

EUVD•added 2026/04/03 9:30 a.m.•4 views

Exploits1References1

EUVD-2026-18609

NVD•added 2026/04/03 8:16 a.m.•5 views

Exploits1References3

CVE-2026-4350

8.1CVSS0.00658EPSS

Vulnrichment•added 2026/04/03 7:41 a.m.•3 views

CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

Cvelist•added 2026/04/03 7:41 a.m.•22 views

CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

8.1CVSS0.00658EPSS

ATTACKERKB•added 2026/04/03 7:41 a.m.•4 views

CVE-2026-4350

CVE•added 2026/04/03 7:41 a.m.•34 views

Exploits1References3

CVE-2026-4350

CVE-2026-4350 – Perfmatters WordPress plugin : The vulnerability affects versions up to 2.5.9.1. The PMCS::action_handler() mishandles the $_GET['delete'] parameter without sanitization, authorization, or nonce verification, allowing path traversal via ../ and triggering arbitrary file deletion (...

Patchstack•added 2026/04/03 6:57 a.m.•4 views

WordPress Perfmatters plugin <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'delete' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9.1...

8.1CVSS5.9AI score0.00658EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/04/03 12:0 a.m.•5 views

WordPress plugin Perfmatters 路径遍历漏洞

8.1CVSS7.4AI score0.00658EPSS