Wordfence200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin
CVE-2026-4350 (CVSS 8.1, High) allows unauthenticated attackers to delete arbitrary files, including wp-config.php, potentially leading to site takeover.
- Affected versions: <= 2.5.9.1
- Patched version: 2.6.0
- Researcher: hoshino
Review the report to ensure your site is not affected.
