4.3
Seraphinite Accelerator for WordPress: Unauthorized Access to Sensitive Data
CVE-2026-3058
Summary
The Seraphinite Accelerator plugin for WordPress exposes sensitive information to attackers with Subscriber-level access and above, who can retrieve it without permission. This lets them see details about your website's cache, scheduled tasks, and external database connections. To protect your site, update the plugin to the latest version.
Original title
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetDat...
Original description
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.
NVD CVSS 3.1
4.3
Vulnerability type
CWE-200
Information Exposure
- https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plu...
- https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.ph...
- https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/tru...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bf539c01-596a-44dd-958...
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026