← Back

S Sols

s-sols

8 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Seraphinite Accelerator
seraphinite_accelerator
6 CVEs
Seraphinite Post .docx Source
seraphinite_post_.docx_source
2 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-3058
1S Sols
1Seraphinite Accelerator
Mar 31, 2026
Mar 4, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the...Show more
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.Show less
CVE-2024-38728
1S Sols
1Seraphinite Post .docx Source
Nov 21, 2024
Jul 22, 2024
N/A· v4
6.4 MEDIUM· v3
N/A· v2
Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
CVE-2024-1568
1S Sols
1Seraphinite Accelerator
Apr 8, 2026
Feb 28, 2024
N/A· v4
6.4 MEDIUM· v3
N/A· v2
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated...Show more
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less
CVE-2023-49740
1S Sols
1Seraphinite Accelerator
Apr 28, 2026
Dec 14, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.Show less
CVE-2023-48279
1S Sols
1Seraphinite Post .docx Source
Apr 28, 2026
Nov 30, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.
CVE-2023-5611
1S Sols
1Seraphinite Accelerator
Jan 16, 2025
Nov 27, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
CVE-2023-5610
1S Sols
1Seraphinite Accelerator
Nov 21, 2024
Nov 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect
CVE-2023-5609
1S Sols
1Seraphinite Accelerator
Nov 21, 2024
Nov 20, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high priv...Show more
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less