95 matches found
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
WordPress Seraphinite Accelerator plugin <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Authenticated Subscriber+ Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by lucsob in WordPress Plugin Seraphinite Accelerator versions = 2.28.14...
WordPress Seraphinite Accelerator plugin <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability
Missing Authorization to Authenticated Subscriber+ Log Clearing vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Seraphinite Accelerator versions = 2.28.14...
EUVD-2026-9395
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3058 Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...
CVE-2026-3058
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...
CVE-2026-3058 Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3056 Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3056 Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3056
CVE-2026-3056 affects the Seraphinite Accelerator WordPress plugin (all versions up to 2.28.14). Root cause: missing capability check on the seraph_accel_api AJAX action with fn=LogClear, allowing authenticated users with Subscriber-level access or higher to clear the plugin’s debug/operational l...
WordPress plugin Seraphinite Accelerator 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Seraphinite Accelerator 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-22901
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraph accel api AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2024-54222
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through = 2.22.15...
CVE-2024-54222
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through = 2.22.15...
CVE-2024-54222 WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through = 2.22.15...
CVE-2024-54222 WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through = 2.22.15...
CVE-2024-54222
CVE-2024-54222 affects the WordPress Seraphinite Accelerator plugin (seraphinite-accelerator) with versions up to 2.22.15. The Red Hat and NVD entries confirm a Missing Authorization vulnerability that permits retrieval of embedded sensitive data from the Seraphinite Accelerator component. The ri...