Perfmatters Vulnerability: Arbitrary File Deletion Risk for
Source: Wordfence
A security vulnerability has reportedly been discovered in the Perfmatters WordPress plugin, according to a blog post from Wordfence. The post suggests the issue could affect approximately 200,000 WordPress sites, though the full details of the article were not accessible at the time of writing.
What we know so far
According to Wordfence, the vulnerability is described as an "arbitrary file deletion" flaw. This type of issue generally allows an attacker to delete files on a website's server, which can cause serious disruption or damage to a site.
Beyond that, the specific details remain unclear. The Wordfence article was not fully retrievable, so information such as which versions of the plugin are affected, whether a fix is available and who discovered the issue could not be confirmed at this time.
If you use the Perfmatters plugin on your WordPress site, it is worth keeping a close eye on updates from the plugin developer and from Wordfence directly.
Why this matters for small business websites
WordPress plugins are one of the most common entry points for attackers targeting small business websites. A plugin used by a large number of sites is a particularly attractive target, because a single vulnerability can be exploited across many websites at once.
You do not need to be a technical expert to take basic precautions. Keeping your plugins updated, removing plugins you no longer use and checking security news regularly are straightforward steps that can make a real difference.
For a practical overview of what to check, see our security checklist for small businesses and our guide on vulnerable WordPress plugins.
What does this mean for your website?
If Perfmatters is installed on your WordPress site, check for any available updates and apply them as soon as possible. It is also worth reviewing which plugins you have installed and removing any that are inactive or no longer needed. Staying on top of plugin updates is one of the simplest and most effective ways to protect your website and the customer data it holds.
Check your website now
Free website scan covering GDPR, copyright, accessibility, security, and more.
Scan your site freeRelated articles
MW WP Form Vulnerability: 200k Sites Affected & Fix
A Wordfence blog post about a vulnerability in the MW WP Form WordPress plugin affecting 200,000 sites could not be loaded due to JavaScript being disabled.
Tutor LMS Pro Auth Bypass Vulnerability: 30k Sites Affected
A Wordfence blog post references an authentication bypass vulnerability affecting WordPress sites using the Tutor LMS Pro plugin, but the full article content is inaccessible due to JavaScript being disabled.
Smart Slider 3 Vulnerability: What WordPress Site Owners Nee
A Wordfence blog post references an arbitrary file read vulnerability in the Smart Slider 3 WordPress plugin affecting 800,000 sites, but the full article text is not accessible due to JavaScript being disabled.