Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-03-31
CVE-2026-3058 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.
PLUGIN
Seraphinite Accelerator
CVE-2026-3058
Risk Score
Threat Entry
Updated 2026-03-04
CVE-2026-3056 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs.
PLUGIN
Seraphinite Accelerator
CVE-2026-3056
Risk Score
Threat Entry
Updated 2025-06-16
CVE-2025-6059 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the cache, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Seraphinite Accelerator
CVE-2025-6059
Risk Score
Threat Entry
Updated 2025-01-16
CVE-2024-1568 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
PLUGIN
Seraphinite Accelerator
CVE-2024-1568
Risk Score
Threat Entry
Updated 2025-01-16
CVE-2023-5611 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
PLUGIN
Seraphinite Accelerator
CVE-2023-5611
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5609 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Seraphinite Accelerator
CVE-2023-5609
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5610 - Seraphinite Accelerator Plugin
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect
PLUGIN
Seraphinite Accelerator
CVE-2023-5610
Risk Score