Lucene search

S-sols Seraphinite Accelerator

5 matches found

CVE
added 2024/02/28 7:15 a.m., 73 views

CVE-2024-1568

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbi...

CVSS 6.4, AI score 6.8, EPSS 0.00153
CVE
added 2023/12/14 3:15 p.m., 50 views

CVE-2023-49740

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS. This issue affects Seraphinite Accelerator: from n/a through 2.20.28.

CVSS 7.1, AI score 6.6, EPSS 0.00193
CVE
added 2023/11/20 7:15 p.m., 49 views

CVE-2023-5609

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS 6.1, AI score 6.1, EPSS 0.00117
CVE
added 2023/11/20 7:15 p.m., 44 views

CVE-2023-5610

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect

CVSS 5.4, AI score 5.8, EPSS 0.00083
CVE
added 2023/11/27 5:15 p.m., 37 views

CVE-2023-5611

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

CVSS 5.3, AI score 5.3, EPSS 0.00165