Seraphinitesoft Seraphinite Accelerator vulnerabilities

4 known vulnerabilities affecting seraphinitesoft/seraphinite_accelerator.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2026-3058MEDIUMCVSS 6.5≤ 2.28.142026-03-04
CVE-2026-3058 [MEDIUM] CWE-200 CVE-2026-3058: The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscri
cvelistv5nvd
CVE-2026-3056MEDIUMCVSS 4.3≤ 2.28.142026-03-04
CVE-2026-3056 [MEDIUM] CWE-862 CVE-2026-3056: The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's de
cvelistv5nvd
CVE-2025-6059MEDIUMCVSS 4.3≤ 2.27.212025-06-14
CVE-2025-6059 [MEDIUM] CWE-352 CVE-2025-6059: The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the
cvelistv5nvd
CVE-2024-1568MEDIUMCVSS 6.4≤ 2.20.522024-02-28
CVE-2024-1568 [MEDIUM] CWE-918 CVE-2024-1568: The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application a
cvelistv5nvd