Browse all 6 CVE security advisories affecting Perfmatters. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Perfmatters is a WordPress performance optimization plugin designed to reduce page load times by disabling unnecessary scripts and styles. Historically, it has been susceptible to multiple cross-site scripting (XSS) vulnerabilities due to insufficient input sanitization, as well as remote code execution (RCE) flaws through improper file handling. The plugin has also faced privilege escalation issues where lower-privileged users could gain administrative access. With six CVEs recorded, Perfmatters' security track record reflects common risks in WordPress extensions, particularly around data validation and access control. While no major public incidents have been widely documented, its vulnerability history underscores the importance of regular updates and security hardening for performance tools.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4351 | Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter — PerfmattersCWE-22 | 8.1 | High | 2026-04-10 |
| CVE-2026-4350 | Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter — PerfmattersCWE-22 | 8.1 | High | 2026-04-03 |
| CVE-2023-47874 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control — PerfmattersCWE-862 | 5.4 | Medium | 2024-02-29 |
| CVE-2023-47876 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) — PerfmattersCWE-79 | 7.1 | High | 2023-11-30 |
| CVE-2023-47877 | WordPress Perfmatters Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS) — PerfmattersCWE-79 | 6.5 | Medium | 2023-11-30 |
| CVE-2023-47875 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) — PerfmattersCWE-352 | 5.4 | Medium | 2023-11-30 |
This page lists every published CVE security advisory associated with Perfmatters. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.