CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2024-54222 – Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure
https://notcve.org/view.php?id=CVE-2024-54222
19 Dec 2024 — The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.22.15 (2.21.13 PRO). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37940 – WordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-37940
09 Jul 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13. The Seraphinite Accelerator Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.21.13. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request g... • https://patchstack.com/database/vulnerability/seraphinite-accelerator-ext/wordpress-seraphinite-accelerator-full-premium-plugin-2-21-13-csrf-leading-to-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22138 – WordPress Seraphinite Accelerator plugin <= 2.20.47 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-22138
08 Jan 2024 — Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47. Vulnerabilidad de inserción de información confidencial en el archivo de registro en Seraphinite Solutions Seraphinite Accelerator. Este problema afecta a Seraphinite Accelerator: desde n/a hasta 2.20.47. The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and i... • https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-44-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •