CVE-2026-3058 (GCVE-0-2026-3058)
Vulnerability from cvelistv5 – Published: 2026-03-04 11:22 – Updated: 2026-04-08 17:19
VLAI?
Title
Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor
Summary
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| seraphinitesoft | Seraphinite Accelerator |
Affected:
0 , ≤ 2.28.14
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T14:58:48.858817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T14:58:57.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Seraphinite Accelerator",
"vendor": "seraphinitesoft",
"versions": [
{
"lessThanOrEqual": "2.28.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lukasz Sobanski"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:26.805Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf539c01-596a-44dd-9587-6be6978ab0fa?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2288"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plugin.php#L598"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/trunk/main.php?contextall=1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-23T21:12:57.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-03T22:00:52.000Z",
"value": "Disclosed"
}
],
"title": "Seraphinite Accelerator \u003c= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-3058",
"datePublished": "2026-03-04T11:22:31.410Z",
"dateReserved": "2026-02-23T18:06:28.405Z",
"dateUpdated": "2026-04-08T17:19:26.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-3058",
"date": "2026-04-28",
"epss": "0.00015",
"percentile": "0.03032"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-3058\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2026-03-04T12:16:03.373\",\"lastModified\":\"2026-03-31T18:37:28.273\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.\"},{\"lang\":\"es\",\"value\":\"El plugin Seraphinite Accelerator para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n sensible en todas las versiones hasta la 2.28.14, inclusive, a trav\u00e9s de la acci\u00f3n AJAX \u0027seraph_accel_api\u0027 con \u0027fn=GetData\u0027. Esto se debe a que la funci\u00f3n \u0027OnAdminApi_GetData()\u0027 no realiza ninguna comprobaci\u00f3n de capacidad. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, recuperar datos operativos sensibles, incluyendo el estado de la cach\u00e9, informaci\u00f3n de tareas programadas y el estado de la base de datos externa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s-sols:seraphinite_accelerator:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"2.28.15\",\"matchCriteriaId\":\"E8A72897-8765-41A4-BC20-37AB45E48A55\"}]}]}],\"references\":[{\"url\":\"https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plugin.php#L598\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2288\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/trunk/main.php?contextall=1\",\"source\":\"security@wordfence.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf539c01-596a-44dd-9587-6be6978ab0fa?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3058\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-04T14:58:48.858817Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-04T14:58:53.317Z\"}}], \"cna\": {\"title\": \"Seraphinite Accelerator \u003c= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Lukasz Sobanski\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"seraphinitesoft\", \"product\": \"Seraphinite Accelerator\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.28.14\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-23T21:12:57.000Z\", \"value\": \"Vendor Notified\"}, {\"lang\": \"en\", \"time\": \"2026-03-03T22:00:52.000Z\", \"value\": \"Disclosed\"}], \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf539c01-596a-44dd-9587-6be6978ab0fa?source=cve\"}, {\"url\": \"https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2288\"}, {\"url\": \"https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plugin.php#L598\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/trunk/main.php?contextall=1\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2026-04-08T17:19:26.805Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-3058\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-08T17:19:26.805Z\", \"dateReserved\": \"2026-02-23T18:06:28.405Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2026-03-04T11:22:31.410Z\", \"assignerShortName\": \"Wordfence\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…