PT-2026-22902 · WordPress · Seraphinite Accelerator
Lukasz Sobanski · Published 2026-03-04 · Updated 2026-03-04 · CVE-2026-3058
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Seraphinite Accelerator plugin for WordPress versions up to and including 2.28.14
Description
The Seraphinite Accelerator plugin for WordPress is susceptible to sensitive information disclosure. This is due to the OnAdminApi_GetData() function lacking proper capability checks. Authenticated attackers with Subscriber-level access or higher can retrieve sensitive operational data through the seraph_accel_api AJAX action with the fn=GetData parameter. This data includes cache status, scheduled task information, and external database state. The GetData parameter is used in the seraph_accel_api API endpoint.
Recommendations
Update the Seraphinite Accelerator plugin to a version later than 2.28.14.
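A log-triage sketch for the request described above, added here as an example and not code from the advisory or the plugin: it scans combined-format web-server access logs for admin-ajax.php requests that carry the AJAX action with fn=GetData and groups them by client IP. It assumes the action name is spelled seraph_accel_api; the sample log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: the AJAX action is spelled "seraph_accel_api" (with underscores).
ACTION, FN = "seraph_accel_api", "GetData"

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Mar/2026:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=seraph_accel_api&fn=GetData HTTP/1.1" 200 812
198.51.100.7 - - [04/Mar/2026:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?fn=GetData&action=seraph%5Faccel%5Fapi HTTP/1.1" 200 812
203.0.113.20 - - [04/Mar/2026:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 50
203.0.113.20 - - [04/Mar/2026:10:02:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 812
192.0.2.44 - - [04/Mar/2026:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=seraph_accel_api&fn=GetData HTTP/1.1" 403 0
"""

def find_getdata_requests(log_text):
    """Return {client_ip: [(timestamp, status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # parse_qs also undoes percent-encoding
        if ACTION in params.get("action", []) and FN in params.get("fn", []):
            hits[ip].append((ts, int(status)))
    return dict(hits)

def answered_ips(hits):
    """Client IPs that got at least one 2xx response, so data may have been returned."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, status in reqs))

if __name__ == "__main__":
    found = find_getdata_requests(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("review these clients:", answered_ips(found))
```

Access logs record only the query string, so parameters sent in a request body need WAF or application-level logging to be covered by the same check.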
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Seraphinite Accelerator