CVE-2026-3056

Name of the Vulnerable Software and Affected Versions Seraphinite Accelerator versions prior to 2.28.14

Description The Seraphinite Accelerator plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check on the seraph accel api AJAX action when fn=LogClear is used. Authenticated attackers with Subscriber-level access or higher can exploit this to clear the plugin’s debug and operational logs. The vulnerable AJAX action is seraph accel api.

Recommendations Update to a version later than 2.28.14.