Aggregates CVE and security vulnerability intelligence across all s-sols-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and vendor risk open redirect and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-3058 | The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This is due to the `OnAdminApi_GetData()` function not performing any capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive operational data including cache status, scheduled task information, and external database state | [email protected] | 4.3 | 0.03% | 2026-03-04 | 2026-03-31 |
| CVE-2024-38728 | Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9. | [email protected] | 7.2 | 0.27% | 2024-07-22 | 2024-11-21 |
| CVE-2024-1568 | The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | [email protected] | 6.4 | 0.15% | 2024-02-28 | 2026-04-08 |
| CVE-2023-49740 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28. | [email protected] | 7.1 | 0.19% | 2023-12-14 | 2026-04-28 |
| CVE-2023-48279 | Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6. | [email protected] | 4.3 | 0.22% | 2023-11-30 | 2026-04-28 |
| CVE-2023-5611 | The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them | [email protected] | 5.3 | 0.10% | 2023-11-27 | 2025-01-16 |
| CVE-2023-5610 | The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | [email protected] | 5.4 | 0.12% | 2023-11-20 | 2024-11-21 |
| CVE-2023-5609 | The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | [email protected] | 6.1 | 0.12% | 2023-11-20 | 2024-11-21 |