CVE-2026-4350: Perfmatters Plugin Arbitrary File Deletion
Plattform
wordpress
Komponente
perfmatters
Behoben in
2.6.0
CVE-2026-4350 is an arbitrary file deletion vulnerability in the Perfmatters WordPress plugin. Due to insufficient sanitization of the `delete` parameter, authenticated attackers can delete arbitrary files on the server using path traversal. This affects versions 0 through 2.5.9.1 of the Perfmatters plugin. The vulnerability is fixed in version 2.6.0.
So beheben
Update to version 2.6.0, or a newer patched version
Häufig gestellte Fragen
What is CVE-2026-4350?
It's an arbitrary file deletion vulnerability in the Perfmatters WordPress plugin due to insufficient sanitization of user-supplied input.
Am I affected by CVE-2026-4350?
You are affected if you are using the Perfmatters WordPress plugin versions 0 up to and including 2.5.9.1.
How do I fix CVE-2026-4350?
Upgrade your Perfmatters WordPress plugin to version 2.6.0 or greater.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten