CVE-2026-4350 | Perfmatters Plugin up to 2.5.9.1 on WordPress PMCS::action_handler delete path traversal

Inserito da Angelo Barbosa | Apr 3, 2026 | CVE

A vulnerability described as critical has been identified in Perfmatters Plugin up to 2.5.9.1 on WordPress. Affected by this vulnerability is the function PMCS::action_handler. The manipulation of the argument delete results in path traversal.

This vulnerability is known as CVE-2026-4350. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-4350 | Perfmatters Plugin up to 2.5.9.1 on WordPress PMCS::action_handler delete path traversal

Post correlati

CVE-2020-36853 | 10WebMapBuilder Plugin up to 1.0.63 on WordPress Setting cross site scripting

CVE-2022-46795 | Tyche Softwares Print Invoice & Delivery Notes for WooCommerce Plugin authorization

CVE-2024-5116 | SourceCodester Online Examination System 1.0 save.php vote sql injection

CVE-2025-39376 | Car Park Booking System Plugin up to 2.6 on WordPress authorization