CVE-2026-3881

Summary

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks

Affected Software

VendorProductVersion RangeStatus
UnknownPerformance Monitor0 <= 1.0.6affected

Weaknesses

  • CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References