WordPress Plugin Vulnerabilities

Perfmatters < 2.1.7 - Missing Authorization

Description

The Perfmatters plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.1.6. This makes it possible for subscriber-level attackers to invoke this function.

Affects Plugins

Plugin icon
perfmatters
Fixed in 2.1.7

References

CVE
CVE-2023-47874
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
b198f9f4-8df5-4662-a56f-d6c341183ad8

Timeline

Publicly Published
2023-11-20 (about 2 years ago)
Added
2023-11-29 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2026-02-18
Title
Elegant Pink < 1.3.4 - Missing Authorization
Published
2025-12-31
Title
Countdowner for Elementor <= 1.0.4 - Missing Authorization
Published
2024-11-19
Title
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes < 3.5.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
Published
2024-05-15
Title
weMail < 1.14.3 - Missing Authorization to Notice Dismissal
Published
2026-03-17
Title
Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update