CVE-2026-4351
- EPSS 0.41%
- Veröffentlicht 10.04.2026 02:16:03
- Zuletzt bearbeitet 24.04.2026 18:01:58
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handl...
CVE-2026-4350
- EPSS 0.66%
- Veröffentlicht 03.04.2026 07:41:57
- Zuletzt bearbeitet 24.04.2026 18:13:28
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without any ...
CVE-2023-47874
- EPSS 0.41%
- Veröffentlicht 29.02.2024 06:15:45
- Zuletzt bearbeitet 28.04.2026 19:22:06
Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.
CVE-2023-47876
- EPSS 0.41%
- Veröffentlicht 30.11.2023 17:15:11
- Zuletzt bearbeitet 28.04.2026 19:22:06
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.
CVE-2023-47877
- EPSS 0.37%
- Veröffentlicht 30.11.2023 17:15:11
- Zuletzt bearbeitet 28.04.2026 19:22:07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.
CVE-2023-47875
- EPSS 0.24%
- Veröffentlicht 30.11.2023 17:15:10
- Zuletzt bearbeitet 28.04.2026 19:22:06
Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.