Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Seraphinite Accelerator Plugin Allows Unauthorized Log Deletion
CVE-2026-3056
Summary
The Seraphinite Accelerator plugin for WordPress has a security issue that allows anyone with a basic account to delete important logs, potentially hiding issues with the plugin or site. This could be exploited by malicious users who have access to the site. To fix this, update the plugin to the latest version or remove and reinstall it.
Original title
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all...
Original description
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs.
nvd CVSS3.1
4.3
Vulnerability type
CWE-862
Missing Authorization
- https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plu...
- https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.ph...
- https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/tru...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/96850eb6-77d8-4012-b36...
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026