cleantalk
Vulnerabilities and Security Researches

Seraphinite Accelerator, CVE-2026-3058

CVE, Research URL

CVE-2026-3058

Home page URL

Security reports for Seraphinite Accelerator

Application

Seraphinite Accelerator

Published on
Mar 04, 2026
Research Description
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.
Affected versions
max 2.28.15.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-2263) , Apr 13, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
New vulnerability
Disable Admin Notices individually (CVE-2026-2410) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-2599) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-0825) , Apr 15, 2026
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2026-1565) , Apr 15, 2026
BackWPup – WordPress Backup Plugin (CVE-2026-6227) , Apr 15, 2026