22 matches found
CVE-2026-56047
CVE-2026-56047 concerns the WordPress perfmatters plugin, affected versions <= 2.6.3. The connected sources confirm an unauthenticated cross-site scripting (XSS) vulnerability, with the CVSSv3.1 base score of 7.1 (HIGH). The attack vector is network, with low attack complexity, requiring user ...
CVE-2026-56047 WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
Exploit for CVE-2026-4350
CVE-2026-4350 - Perfmatters WordPress Arbitrary File Deletion...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
EUVD-2026-21262
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...
WordPress plugin Perfmatters 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
WordPress Perfmatters plugin <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Deletion via 'delete' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9.1...
WordPress plugin Perfmatters 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-29900
Name of the Vulnerable Software and Affected Versions Perfmatters plugin for WordPress versions through 2.5.9.1 Description The Perfmatters plugin for WordPress contains a flaw that allows for arbitrary file deletion through path traversal. The PMCS::action handler method processes the $...
CVE-2023-47874 WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control
Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6...
WordPress Plugin Perfmatters Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin perfmatters Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Perfmatters < 2.1.7 - Missing Authorization
Description The Perfmatters plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.1.6. This makes it possible for subscriber-level attackers to invoke this function...
Perfmatters < 2.1.7 - Cross-Site Request Forgery
Description The Perfmatters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...