CVE-2026-4350

Perfmatters · Perfmatters

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal.

Executive summary

A critical path traversal vulnerability in the Perfmatters plugin could allow an attacker to delete arbitrary files on the WordPress server.

Vulnerability

This vulnerability affects the Perfmatters plugin for WordPress in all versions up to 2. The flaw allows an attacker to perform arbitrary file deletion via path traversal, which could lead to a complete site outage or the removal of critical configuration files.

Business impact

The ability to delete arbitrary files on a server is a catastrophic security failure, often leading to total service disruption. With a CVSS score of 8.1, this vulnerability represents a severe risk to site availability and integrity.

Remediation

Immediate Action: Update the Perfmatters plugin to the latest available version.

Proactive Monitoring: Monitor server file system logs for unauthorized deletion attempts or access to unexpected file paths.

Compensating Controls: If an update is not immediately available, disable the Perfmatters plugin and review file system permissions to ensure the web server user has the least privilege necessary.
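One way to carry out the permission review described above, given as an added example rather than code from the plugin or its vendor: the script reports which key WordPress files the web server account could delete. On Linux, deleting a file depends on write and search permission on its parent directory, not on the file's own mode. Assumptions: the file list in CRITICAL and the default account name www-data are illustrative, and only classic mode bits are evaluated (ACLs, immutable attributes, read-only mounts and ancestor directory permissions are not).

```python
import os
import pwd
import stat
import sys

# Assumed file names for illustration; adjust to the files that matter on your site.
CRITICAL = ("wp-config.php", ".htaccess", "index.php", "wp-load.php")

def class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) of the mode that applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_delete(path, uid, gids):
    """True if uid/gids may unlink path, judged by classic mode bits only."""
    if uid == 0:
        return True
    parent = os.path.dirname(os.path.abspath(path))
    dir_st = os.stat(parent)
    # unlink() needs write and search (w+x) on the containing directory;
    # the mode of the file itself does not matter.
    if (class_bits(dir_st, uid, gids) & 0o3) != 0o3:
        return False
    # Sticky directory: only the file owner or the directory owner may delete.
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (os.lstat(path).st_uid, dir_st.st_uid)
    return True

def audit(paths, uid, gids):
    """Return the existing paths that uid/gids would be able to delete."""
    return [p for p in paths if os.path.lexists(p) and can_delete(p, uid, gids)]

if __name__ == "__main__":
    # Usage: script.py <wordpress-root> [web-server-user]
    wp_root = sys.argv[1]
    user = sys.argv[2] if len(sys.argv) > 2 else "www-data"  # assumed default
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    hits = audit([os.path.join(wp_root, n) for n in CRITICAL], pw.pw_uid, gids)
    for p in hits:
        print(f"{user} can delete: {p}")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means at least one listed file sits in a directory the web server account can modify, so a read-only file mode alone would not protect it from deletion.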

Exploitation status

Public Exploit Available: false

Analyst recommendation

WordPress administrators should prioritize updating the Perfmatters plugin. This vulnerability provides a direct vector for destructive actions, making rapid remediation essential to protect the integrity of the web server.