CVE-2026-1648 | qrolic Performance Monitor Plugin up to 1.0.6 on WordPress REST API Endpoint curl_data url server-side request forgery

A vulnerability classified as critical has been found in qrolic Performance Monitor Plugin up to 1.0.6 on WordPress. Affected by this issue is some unknown functionality of the file /wp-json/performance-monitor/v1/curl_data of the component REST API Endpoint. Performing a manipulation of the argument url results in server-side request forgery.

This vulnerability is known as CVE-2026-1648. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-1648 | qrolic Performance Monitor Plugin up to 1.0.6 on WordPress REST API Endpoint curl_data url server-side request forgery

Post correlati

CVE-2026-22892 | Mattermost up to 10.11.9/11.1.2/11.2.1 Jira Plugin /create-issue authorization

CVE-2024-0904 | Fancy Product Designer Plugin up to 6.1.80 on WordPress Setting cross site scripting

CVE-2024-2399 | Premium Addons for Elementor Pro Plugin up to 4.10.23 on WordPress cross site scripting

CVE-2024-44648 | PHPGurukul Small CRM 3.0 quote-details.php id/adminremark sql injection