Lucene search
K

26 matches found

Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57671 WordPress perfmatters plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.22 views

CVE-2026-57671

Technical details are not publicly available in the provided documents. Monitor for updates.

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 10:16 a.m.8 views

CVE-2026-13251

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS0.0082EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41272

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.38 views

CVE-2026-56047 WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.21 views

CVE-2026-56047

CVE-2026-56047 concerns the WordPress perfmatters plugin, affected versions &lt;= 2.6.3. The connected sources confirm an unauthenticated cross-site scripting (XSS) vulnerability, with the CVSSv3.1 base score of 7.1 (HIGH). The attack vector is network, with low attack complexity, requiring user ...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS5.7AI score0.00408EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/11 2:46 a.m.119 views

Exploit for CVE-2026-4350

CVE-2026-4350 - Perfmatters WordPress Arbitrary File Deletion...

8.1CVSS5.9AI score0.00658EPSS
Exploits1
NVD
NVD
added 2026/04/10 2:16 a.m.5 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS0.00408EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 1:24 a.m.4 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS5.9AI score0.00408EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 1:24 a.m.3 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS6.1AI score0.00408EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 1:24 a.m.5 views

EUVD-2026-21262

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS6.1AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

WordPress plugin Perfmatters 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.9AI score0.00408EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/04 11:2 a.m.5 views

CVE-2026-4350

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

8.1CVSS6AI score0.00658EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 8:16 a.m.7 views

CVE-2026-4350

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

8.1CVSS0.00658EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/03 7:41 a.m.24 views

CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

8.1CVSS0.00658EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/04/03 6:57 a.m.6 views

WordPress Perfmatters plugin <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'delete' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9.1...

8.1CVSS5.9AI score0.00658EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

WordPress plugin Perfmatters 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS7.4AI score0.00658EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.10 views

PT-2026-29900

Name of the Vulnerable Software and Affected Versions Perfmatters plugin for WordPress versions through 2.5.9.1 Description The Perfmatters plugin for WordPress contains a flaw that allows for arbitrary file deletion through path traversal. The PMCS::action handler method processes the $...

8.1CVSS6AI score0.00658EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/02/29 5:31 a.m.17 views

CVE-2023-47874 WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6...

5.4CVSS6.9AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder