Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seraphinite_accelerator
(S\-Sols)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-27 | CVE-2023-5611 | The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them | Seraphinite_accelerator | 5.3 | ||
| 2023-12-14 | CVE-2023-49740 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28. | Seraphinite_accelerator | 6.1 | ||
| 2024-02-28 | CVE-2024-1568 | The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | Seraphinite_accelerator | 6.4 | ||
| 2023-11-20 | CVE-2023-5609 | The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | Seraphinite_accelerator | 6.1 | ||
| 2023-11-20 | CVE-2023-5610 | The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | Seraphinite_accelerator | 5.4 |