Which Seraphinite Accelerator CVEs are tracked?

Seraphinite Accelerator tracked CVEs include CVE-2024-1568, CVE-2023-49740, CVE-2023-5609, CVE-2023-5610, and CVE-2024-22138.

How many Seraphinite Accelerator vulnerabilities have patch guidance?

10 of 10 tracked Seraphinite Accelerator records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 10 known issues Latest disclosed Mar 03, 2026

Seraphinite Accelerator Vulnerabilities

Review known vulnerability records for the WordPress plugin Seraphinite Accelerator (`seraphinite-accelerator`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-3058, CVE-2026-3056 and CVE-2025-6059, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Mar 04, 2026

Priority CVE Quick Links

Fast paths into Seraphinite Accelerator CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-1568 Medium 2.21

CVE-2024-1568 Seraphinite Accelerator Server-Side Request Forgery

Seraphinite Accelerator <= 2.20.52 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck

CVE-2023-49740 Medium 2.20.29

CVE-2023-49740 Seraphinite Accelerator Cross-Site Scripting

Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via rt

CVE-2023-5609 Medium 2.20.29

CVE-2023-5609 Seraphinite Accelerator Cross-Site Scripting

Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via 'rt'

CVE-2023-5610 Medium 2.20.29

CVE-2023-5610 Seraphinite Accelerator Vulnerability

Seraphinite Accelerator <= 2.20.28 - Arbitrary Redirect via 'redir'

CVE-2024-22138 Medium 2.20.48

CVE-2024-22138 Seraphinite Accelerator Sensitive Information Exposure

Seraphinite Accelerator <= 2.20.47 - Unauthenticated Sensitive Information Exposure via Log File

CVE-2026-3058 Medium 2.28.15

CVE-2026-3058 Seraphinite Accelerator Sensitive Information Exposure

Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor

CVE-2026-3056 Medium 2.28.15

CVE-2026-3056 Seraphinite Accelerator Vulnerability

Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing

CVE-2025-6059 Medium 2.27.22

CVE-2025-6059 Seraphinite Accelerator Cross-Site Request Forgery

Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Seraphinite Accelerator so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

10 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 0 high severity findings.

Recent CVEs

CVE-2026-3058, CVE-2026-3056 and CVE-2025-6059

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-3058 Medium Patch path listed

CVE-2026-3058: Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn...

Published

Mar 03, 2026

Patch Status

2.28.15

Open CVE-2026-3058 Report

CVE-2026-3056 Medium Patch path listed

CVE-2026-3056: Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear`...

Published

Mar 03, 2026

Patch Status

2.28.15

Open CVE-2026-3056 Report

CVE-2025-6059 Medium Patch path listed

CVE-2025-6059: Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions

The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validati...

Published

Apr 29, 2025

Patch Status

2.27.22

Open CVE-2025-6059 Report

Known Vulnerabilities

Reports for Seraphinite Accelerator

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-3058

CVE-2026-3058: Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capabilit...

Published

Mar 03, 2026

Patched Release

2.28.15

Affected Versions

Versions up to 2.28.14

Next Step

Update to 2.28.15 or newer if supported.

Open CVE-2026-3058 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2026-3056

CVE-2026-3056: Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated a...

Published

Mar 03, 2026

Patched Release

2.28.15

Affected Versions

Versions up to 2.28.14

Next Step

Update to 2.28.15 or newer if supported.

Open CVE-2026-3056 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-6059

CVE-2025-6059: Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions

The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated a...

Published

Apr 29, 2025

Patched Release

2.27.22

Affected Versions

Versions up to 2.27.21

Next Step

Update to 2.27.22 or newer if supported.

Open CVE-2025-6059 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-54222

CVE-2024-54222: Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.22.15 (2.21.13 PRO). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or c...

Published

Dec 19, 2024

Patched Release

2.22.16

Affected Versions

Versions up to 2.22.15

Next Step

Update to 2.22.16 or newer if supported.

Open CVE-2024-54222 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-1568

CVE-2024-1568: Seraphinite Accelerator <= 2.20.52 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make w...

Published

Feb 27, 2024

Patched Release

2.21

Affected Versions

Versions up to 2.20.52

Next Step

Update to 2.21 or newer if supported.

Open CVE-2024-1568 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-22138

CVE-2024-22138: Seraphinite Accelerator <= 2.20.47 - Unauthenticated Sensitive Information Exposure via Log File

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.47. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data from log files.

Published

Jan 08, 2024

Patched Release

2.20.48

Affected Versions

Versions up to 2.20.47

Next Step

Update to 2.20.48 or newer if supported.

Open CVE-2024-22138 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-49740

CVE-2023-49740: Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via rt

The Seraphinite Accelerator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘rt’ parameter in versions up to, and including, 2.20.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to in...

Published

Dec 01, 2023

Patched Release

2.20.29

Affected Versions

Versions up to 2.20.28

Next Step

Update to 2.20.29 or newer if supported.

Open CVE-2023-49740 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-5611

CVE-2023-5611: Seraphinite Accelerator (Base, cache only) <= 2.20.31 - Cross-Site Request Forgery

The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.20.31. This is due to missing nonce validation on the 'reset' case of the Init() function, the 'settImport' case of the _on_admin_action_act() func...

Published

Oct 29, 2023

Patched Release

2.20.32

Affected Versions

Versions up to 2.20.31

Next Step

Update to 2.20.32 or newer if supported.

Open CVE-2023-5611 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-5610

CVE-2023-5610: Seraphinite Accelerator <= 2.20.28 - Arbitrary Redirect via 'redir'

The Seraphinite Accelerator plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.20.28. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to re...

Published

Oct 27, 2023

Patched Release

2.20.29

Affected Versions

Versions up to 2.20.28

Next Step

Update to 2.20.29 or newer if supported.

Open CVE-2023-5610 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-5609

CVE-2023-5609: Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via 'rt'

The Seraphinite Accelerator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'rt' parameter in all versions up to, and including, 2.20.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

Published

Oct 27, 2023

Patched Release

2.20.29

Affected Versions

Versions up to 2.20.28

Next Step

Update to 2.20.29 or newer if supported.

Open CVE-2023-5609 Report Open CVE Reference