68 matches found
CVE-2026-56047
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-56047 WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-56047
CVE-2026-56047 concerns the WordPress perfmatters plugin, affected versions <= 2.6.3. The connected sources confirm an unauthenticated cross-site scripting (XSS) vulnerability, with the CVSSv3.1 base score of 7.1 (HIGH). The attack vector is network, with low attack complexity, requiring user ...
EUVD-2026-39708
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
Exploit for CVE-2026-4350
CVE-2026-4350 - Perfmatters WordPress Arbitrary File Deletion...
WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351
CVE-2026-4351 concerns the Perfmatters WordPress plugin (≤ 2.5.9). The issue arises from PMCS::action_handler() handling bulk activate/deactivate actions without proper authorization or nonce verification. User-supplied $_GET['snippets'][] values are passed unsanitized to Snippet::activate()/Snip...
CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
EUVD-2026-21262
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
PT-2026-31849
Name of the Vulnerable Software and Affected Versions Perfmatters plugin for WordPress versions up to and including 2.5.9 Description The Perfmatters plugin for WordPress is susceptible to arbitrary file overwrite through path traversal. This occurs because the PMCS::action handler method process...
WordPress plugin Perfmatters 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
EUVD-2026-18609
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...