VYPR

Seraphinite Accelerator

by WordPress

Source repositories

CVEs (10)

  • CVE-2024-37940HigJul 12, 2024
    risk 0.48cvss 7.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.

  • CVE-2023-49740HigDec 14, 2023
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.

  • CVE-2023-5609MedNov 20, 2023
    risk 0.40cvss 6.1epss 0.00

    The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-1568MedFeb 28, 2024
    risk 0.35cvss 6.4epss 0.00

    The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make…

  • CVE-2023-5610MedNov 20, 2023
    risk 0.35cvss 5.4epss 0.00

    The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect

  • CVE-2024-22138MedMar 28, 2024
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.

  • CVE-2023-5611MedNov 27, 2023
    risk 0.34cvss 5.3epss 0.00

    The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

  • CVE-2024-54222MedFeb 20, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.

  • CVE-2026-3058MedMar 4, 2026
    risk 0.21cvss 4.3epss 0.00

    The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any…

  • CVE-2025-6059MedJun 14, 2025
    risk 0.21cvss 4.3epss 0.00

    The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated…