cleantalk
Vulnerabilities and Security Researches

Seraphinite Accelerator, CVE-2026-3056

CVE, Research URL

CVE-2026-3056

Home page URL

Security reports for Seraphinite Accelerator

Application

Seraphinite Accelerator

Published on
Mar 04, 2026
Research Description
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs.
Affected versions
max 2.28.15.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-2263) , Apr 13, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
New vulnerability
Disable Admin Notices individually (CVE-2026-2410) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-2599) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-0825) , Apr 15, 2026
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2026-1565) , Apr 15, 2026
BackWPup – WordPress Backup Plugin (CVE-2026-6227) , Apr 15, 2026