Plugin icon

Seraphinite Accelerator

seraphinite-accelerator

Vulnerabilities:

10

Last Updated:

April 2, 2026

Active Installs:

60000

Published
Title
Fixed in
CVSS
Published
2026-03-03
Title
Seraphinite Accelerator < 2.28.15 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor
Fixed in
Fixed in 2.28.15
CVSS
4.3 (medium)
Published
2026-03-03
Title
Seraphinite Accelerator < 2.28.15 - Missing Authorization to Authenticated (Subscriber+) Log Clearing
Fixed in
Fixed in 2.28.15
CVSS
4.3 (medium)
Published
2025-04-29
Title
Seraphinite Accelerator < 2.27.22 - Cross-Site Request Forgery to Multiple Administrative Actions
Fixed in
Fixed in 2.27.22
CVSS
4.3 (medium)
Published
2024-12-19
Title
Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure
Fixed in
Fixed in 2.22.16
CVSS
4.3 (medium)
Published
2024-02-27
Title
Seraphinite Accelerator < 2.21 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck
Fixed in
Fixed in 2.21
CVSS
6.4 (medium)
Published
2024-01-08
Title
Seraphinite Accelerator < 2.20.48 - Unauthenticated Sensitive Information Exposure via Log File
Fixed in
Fixed in 2.20.48
CVSS
5.3 (medium)
Published
2023-12-01
Title
Seraphinite Accelerator < 2.20.29 - Reflected Cross-Site Scripting via rt
Fixed in
Fixed in 2.20.29
CVSS
6.1 (medium)
Published
2023-11-06
Title
Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
Fixed in
Fixed in 2.20.32
CVSS
5.3 (medium)
Published
2023-10-27
Title
Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect
Fixed in
Fixed in 2.2.29
CVSS
4.3 (medium)
Published
2023-10-27
Title
Seraphinite Accelerator < 2.2.29 - Reflected XSS
Fixed in
Fixed in 2.2.29
CVSS
7.1 (high)