{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3056", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-23T18:01:35.112Z", "datePublished": "2026-03-04T11:22:30.902Z", "dateUpdated": "2026-04-08T17:10:15.473Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:10:15.473Z"}, "affected": [{"vendor": "seraphinitesoft", "product": "Seraphinite Accelerator", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.28.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs."}], "title": "Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96850eb6-77d8-4012-b360-a417918cab0e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2459"}, {"url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plugin.php#L598"}, {"url": "https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/trunk/main.php?contextall=1"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2026-02-23T21:12:56.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-03T21:55:42.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T15:00:17.473760Z", "id": "CVE-2026-3056", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T15:00:26.502Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3056", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T15:00:17.473760Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T15:00:22.683Z"}}], "cna": {"title": "Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "seraphinitesoft", "product": "Seraphinite Accelerator", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.28.14"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-23T21:12:56.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-03T21:55:42.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96850eb6-77d8-4012-b360-a417918cab0e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2459"}, {"url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plugin.php#L598"}, {"url": "https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/trunk/main.php?contextall=1"}], "descriptions": [{"lang": "en", "value": "The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:10:15.473Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3056", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:10:15.473Z", "dateReserved": "2026-02-23T18:01:35.112Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-04T11:22:30.902Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's debug/operational logs."}, {"lang": "es", "value": "El plugin Seraphinite Accelerator para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n AJAX 'seraph_accel_api' con 'fn=LogClear' en todas las versiones hasta la 2.28.14, inclusive. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, borrar los registros de depuraci\u00f3n/operacionales del plugin."}], "id": "CVE-2026-3056", "lastModified": "2026-04-22T21:26:58.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-04T12:16:03.210", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/Cmn/Plugin.php#L598"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/seraphinite-accelerator/trunk/main.php#L2459"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3468084/seraphinite-accelerator/trunk/main.php?contextall=1"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96850eb6-77d8-4012-b360-a417918cab0e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.28.14]"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "Seraphinite Accelerator", "source": "cna", "vendor": "seraphinitesoft"}, "product": "seraphinite_accelerator", "vendor": "seraphinitesolutions"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T17:55:51.896085+00:00", "value": {"mitigation_remediation": ["Upgrade Seraphinite Accelerator to version\u00a02.28.15\u00a0or later, where the missing capability check has been added.", "Configure the web application firewall or .htaccess rules to block the\u00a0seraph_accel_api\u00a0action for non\u2011administrator roles, preventing unauthorized log\u2010clearing requests.", "Monitor admin\u2011ajax.php\u00a0traffic for the\u00a0fn=LogClear\u00a0parameter and alert on unexpected activity to detect attempts to tamper with audit logs."], "summary": {"action": "Patch", "impact": "Log Tampering"}, "threat_synthesis": {"affected_systems": "All installations of Seraphinite Accelerator up through version\u00a02.28.14, deployed on WordPress sites, are affected. The issue resides in the plugin\u2019s core AJAX handling code, specifically the LogClear function exposed via the admin\u2011ajax.php endpoint.", "description_and_impact": "The Seraphinite Accelerator WordPress plugin allows authenticated users with a Subscriber role or higher to invoke a missing capability check on an AJAX action named\u00a0seraph_accel_api\u00a0with\u00a0fn=LogClear, enabling these users to erase the plugin\u2019s debug and operational logs. This activity undermines forensic continuity and auditability but does not provide direct code execution or broader system compromise. The vulnerability is a classic missing authorization flaw, corresponding to CWE\u2011862.", "risk_and_exploitability": "The overall severity is moderate with a CVSS score of 4.3. The EPSS score is below 1\u202f%, indicating that exploit attempts are currently expected to be very uncommon. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. Attackers would need to authenticate to the site with a Subscriber\u2011level or higher role and issue the specific AJAX request, a condition that is relatively easy to meet on any site that grants such permissions, but the impact is limited to log visibility rather than system control."}}}}, "created": "2026-03-04T21:03:40.023854+00:00", "updated": "2026-04-15T18:00:15.501206+00:00", "vendors": ["seraphinitesolutions", "seraphinitesolutions$PRODUCT$seraphinite_accelerator", "wordpress", "wordpress$PRODUCT$wordpress"]}