6 matches found
Exploit for CVE-2026-4350
CVE-2026-4350 - Perfmatters WordPress Arbitrary File Deletion...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...
CVE-2023-24383
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Namaste! LMS plugin = 2.5.9.1 versions...
WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Namaste! LMS Type Plugin Vulnerable versions = 2.5.9.1 Fixed in 2.5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24383 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a09354550881 Credits yuyudhn Required...