CVSS: 4.3 • EPSS: % • CPEs: 1 • EXPL: 0

19 Dec 2024 — The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.22.15 (2.21.13 PRO). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Feb 2024 — The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://plugins.trac.wordpress.org/changeset/3040707/seraphinite-accelerator • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Jan 2024 — Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator. This issue affects Seraphinite Accelerator: from n/a through 2.20.47. The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and i... • https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-44-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS. This issue affects Seraphinite Accelerator: from n/a through 2.20.28. The Sera... • https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-28-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery ... • https://wpscan.com/vulnerability/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. • https://wpscan.com/vulnerability/aac4bcc8-b826-4165-aed3-f422dd178692 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Oct 2023 — The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect. The Seraphinite Accelerator plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.20.28. This is due to insufficient validation on the redir... • https://wpscan.com/vulnerability/e880a9fb-b089-4f98-9781-7d946f22777e • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')