WordPress Seraphinite Accelerator plugin <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Authenticated Subscriber+ Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by lucsob in WordPress Plugin Seraphinite Accelerator versions = 2.28.14...

CVE-2026-3058

CVE-2026-3058 involves the WordPress plugin Seraphinite Accelerator. The vulnerability is classified as a Sensitive Information Exposure issue in all versions up to and including 2.28.14, exploitable via the seraph_accel_api AJAX action with fn=GetData. The OnAdminApi_GetData() function does not ...

CVE-2026-3056 Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...

WordPress plugin Seraphinite Accelerator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...