PT-2026-22902 · WordPress · Seraphinite Accelerator

Lukasz Sobanski · Published 2026-03-04 · Updated 2026-03-04 · CVE-2026-3058

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Seraphinite Accelerator plugin for WordPress versions up to and including 2.28.14

Description

The Seraphinite Accelerator plugin for WordPress is susceptible to sensitive information disclosure. This is due to the OnAdminApi_GetData() function lacking proper capability checks. Authenticated attackers with Subscriber-level access or higher can retrieve sensitive operational data through the seraph_accel_api AJAX action with the fn=GetData parameter. This data includes cache status, scheduled task information, and external database state. The GetData parameter is used in the seraph_accel_api API endpoint.

Recommendations

Update the Seraphinite Accelerator plugin to a version later than 2.28.14.
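
One way to look for calls to the action described above in web server access logs, as an added example that is not part of the advisory or the plugin's code. It assumes combined-format logs, the standard WordPress /wp-admin/admin-ajax.php endpoint, and parameters passed in the query string; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_getdata_calls(lines):
    """Return (ip, timestamp, status) for each request to admin-ajax.php that
    names action=seraph_accel_api and fn=GetData in its query string."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable combined-format line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        q = parse_qs(url.query)
        # Parameter order does not matter; both must be present.
        if "seraph_accel_api" in q.get("action", []) and "GetData" in q.get("fn", []):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Mar/2026:10:00:01 +0000] '
    '"GET /wp-admin/admin-ajax.php?action=seraph_accel_api&fn=GetData HTTP/1.1" 200 512',
    '203.0.113.7 - - [04/Mar/2026:10:00:05 +0000] '
    '"GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64',
    '198.51.100.9 - - [04/Mar/2026:10:02:11 +0000] '
    '"POST /wp-admin/admin-ajax.php?fn=GetData&action=seraph_accel_api HTTP/1.1" 200 498',
    '198.51.100.9 - - [04/Mar/2026:10:03:00 +0000] '
    '"GET /index.php?fn=GetData HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, ts, status in find_getdata_calls(SAMPLE_LOG):
        print(f"{ts} {ip} status={status}")
```

Parameters sent in a POST body do not appear in access logs, and the log does not show the caller's role, so hits need correlating with session or user data to separate administrator use from low-privilege accounts.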

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2026-3058

Affected products

Seraphinite Accelerator