Arubaos contains a vulnerability that allows attackers to bypass Layer 2 (L2) communication restrictions between clients and redirect traf (CVSS 4.3).
The Seraphinite Accelerator WordPress plugin through version 2.28.14 fails to validate user permissions on the `seraph_accel_api` AJAX endpoint, allowing authenticated subscribers and above to access sensitive operational data including cache status and database state. An attacker with a basic WordPress account can exploit the missing capability checks in the `OnAdminApi_GetData()` function to enumerate system information without administrative rights. No patch is currently available for this information disclosure vulnerability.
The Seraphinite Accelerator WordPress plugin through version 2.28.14 fails to properly validate user permissions on the LogClear AJAX function, allowing authenticated subscribers and higher-privileged users to delete the plugin's debug and operational logs. This capability bypass could enable attackers to cover their tracks or disrupt audit trails on affected WordPress installations. The vulnerability remains unpatched and has not been observed in active exploitation.