CVE-2026-3881

MEDIUM

Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF

Title source: cna

Description

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks

References (1)

[Exploit] https://wpscan.com/vulnerability/4b30421e-9848-45ce-87ab-0229d9d7df01/

Scores

CVSS v3 5.8

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

None/Performance Monitor < 1.0.6

Published Mar 31, 2026

Tracked Since Mar 31, 2026