CVE-2026-3058
- EPSS 0.32%
- Veröffentlicht 04.03.2026 11:22:31
- Zuletzt bearbeitet 31.03.2026 18:37:28
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` functio...
CVE-2024-1568
- EPSS 0.34%
- Veröffentlicht 28.02.2024 07:15:08
- Zuletzt bearbeitet 08.04.2026 17:18:22
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2023-49740
- EPSS 0.42%
- Veröffentlicht 14.12.2023 15:15:08
- Zuletzt bearbeitet 28.04.2026 19:22:22
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.
CVE-2023-5611
- EPSS 0.27%
- Veröffentlicht 27.11.2023 17:15:09
- Zuletzt bearbeitet 16.01.2025 15:44:50
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
CVE-2023-5609
- EPSS 0.44%
- Veröffentlicht 20.11.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:42:06
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-5610
- EPSS 0.37%
- Veröffentlicht 20.11.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:42:07
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect