Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Cvelist
Cvelistadded 2026/04/10 1:24 a.m.22 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS0.00021EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/10 12:0 a.m.1 views

PT-2026-31849

Name of the Vulnerable Software and Affected Versions Perfmatters plugin for WordPress versions up to and including 2.5.9 Description The Perfmatters plugin for WordPress is susceptible to arbitrary file overwrite through path traversal. This occurs because the PMCS::action handler method process...

8.1CVSS5.9AI score0.00021EPSS
Exploits0References5
Wordfence Blog
Wordfence Blogadded 2026/04/02 7:6 p.m.4 views

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the wp-config.php...

8.1CVSS8AI score0.00052EPSS
Exploits1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-51966

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 5:16 a.m.4 views

CVE-2023-47874

Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6...

8.8CVSS6.7AI score0.00086EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 2:4 a.m.4 views

CVE-2023-47876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6...

7.1CVSS7.1AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 1:57 a.m.4 views

CVE-2023-47877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0...

6.5CVSS6.7AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVDadded 2023/11/30 12:0 a.m.0 views

WordPress Plugin perfmatters Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.5AI score0.00123EPSS
Exploits0References1
Rows per page
Query Builder