Skip to main content
CVE-2026-23811 MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to bypass Layer 2 (L2) communication restrictions between clients and redirect traf (CVSS 4.3).

Authentication Bypass Arubaos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3058 MEDIUM This Month

The Seraphinite Accelerator WordPress plugin through version 2.28.14 fails to validate user permissions on the `seraph_accel_api` AJAX endpoint, allowing authenticated subscribers and above to access sensitive operational data including cache status and database state. An attacker with a basic WordPress account can exploit the missing capability checks in the `OnAdminApi_GetData()` function to enumerate system information without administrative rights. No patch is currently available for this information disclosure vulnerability.

WordPress Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3056 MEDIUM This Month

The Seraphinite Accelerator WordPress plugin through version 2.28.14 fails to properly validate user permissions on the LogClear AJAX function, allowing authenticated subscribers and higher-privileged users to delete the plugin's debug and operational logs. This capability bypass could enable attackers to cover their tracks or disrupt audit trails on affected WordPress installations. The vulnerability remains unpatched and has not been observed in active exploitation.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy