Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
  • Experiencing a breach?
  • Blog
  • Careers

  • Platform & Products

    • Singularity™ Platform

      Unified Enterprise Security. Machine-Speed Protection, Intelligence, and Response.

    • XDR

      Native and Open Protection, Detection, and Response.

    • Integrations and Partners

      One-Click Integrations to Unlock the Power of SentinelOne.

    Product Tours
    Pricing & Packages
    Get a Demo

  • Solutions & Use Cases

    SentinelOne for Industries

    Security Tuned for Your Industry.

    See All Industries
    • Healthcare

      Protect Patient Data. Keep Clinical Systems Online.

    • Financial Services

      Stop Fraud and Ransomware. Stay Audit-Ready.

    • Federal Government

      FedRAMP and IL5-Ready Defense for Federal Missions.

    • Manufacturing

      Defend OT, IT, IIOT, and Supply Chains at Scale.

    • Energy

      Secure OT Systems and Critical Infrastructure.

    • Transportation and Logistics

      Defend Operations Across Fleet, Port, and Rail.

    • Higher Education

      Protect Open Networks Without Slowing Research.

    • K-12 Education

      Stop Ransomware. Protect Students, Staff, and Data.

    • Retail and Hospitality

      Defend Your Brand, Customer Data, and Bottom Line.

    • SMB & Startups

      Enterprise-Grade Defense for Fast Teams.

    See all solutions

  • Services

    Managed Services

    Wayfinder Threat Detection and Response.

    Learn More
    • Threat Hunting

      World-Class Expertise and Threat Intelligence.

    • Managed Detection and Response

      24/7 Expert MDR Across Your Entire Environment.

    • Incident Readiness and Response

      DFIR, Breach Readiness, and Compromise Assessments.

    Experiencing a breach?

    Our experts are here to help 24/7.

    1-855-868-3733
    Get Help Now

  • Partners

    Become a Partner

    • Become a SentinelOne Partner

      Join the Global SentinelOne Ecosystem

    • Explore MSSP Solutions

      Services Succeed Faster with SentinelOne

    • Form a Technology Alliance

      Integrated, Enterprise-Scale Solutions

    Find a Partner

    • Enlist a Response or Advisory Team

      Enlist Pro Response and Advisory Teams

    • SentinelOne for AWS

      Hosted Across AWS Regions Worldwide

    • SentinelOne for Google

      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale

    • Partner Locator

      Your Go-to Source for Our Top Partners in Your Region

    • Singularity Marketplace

      One-Click Integrations for Unified Prevention, Detection, and Response

      Explore integrations
    Partner Portal Login

  • Why SentinelOne

    • Why Choose SentinelOne

      AI-Powered Cybersecurity Built to Secure What’s Next.

    • Our Customers

      Trusted by the World’s Leading Companies.

    • Industry Awards & Recognition

      Tested and Proven by the Experts.

  • Resources & Support

    Resources

    • Resource Center
    • Webinars
    • Cybersecurity Blog
    • Events
    • Newsroom

    Company

    • About SentinelOne
    • Careers
    • S Ventures
    • S Foundation
    • Dataset
    • FAQ
    • Investors Relations

    Customer Success & Support

    • Live and On-Demand Training
    • Guided Onboarding & Deployment
    • Technical Account Management
    • Support Services
    • Customer Portal
    • Get Support Now

    Explore

    • Vulnerability Database
    • SentinelLABS Threat Research
    • Ransomeware Anthology
    • Cybersecurity 101
    EventJoin us at OneCon (Oct. 20–22, 2026)
    CompetitionThreat Hunting World Championship 2026
    ReportThe SentinelOne Annual Threat Report
  • Pricing
Get StartedContact us

Explore SentinelOne

  • Pricing
Events
Get StartedContact us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-3058

CVE-2026-3058: Seraphinite Accelerator Info Disclosure

CVE-2026-3058 is an information disclosure vulnerability in the Seraphinite Accelerator WordPress plugin that allows authenticated attackers to access sensitive operational data. This post covers technical details, affected versions, impact, and mitigation strategies.

Published: March 6, 2026

CVE-2026-3058 Overview

The Seraphinite Accelerator plugin for WordPress contains a Sensitive Information Exposure vulnerability affecting all versions up to and including 2.28.14. The vulnerability exists in the seraph_accel_api AJAX action when using the fn=GetData parameter. Due to missing capability checks in the OnAdminApi_GetData() function, authenticated attackers with Subscriber-level access or above can retrieve sensitive operational data from the WordPress site.

Critical Impact

Authenticated users with minimal privileges (Subscriber-level) can access sensitive internal system information including cache status, scheduled task configurations, and external database connection states. This information disclosure could facilitate further attacks against the WordPress installation.

Affected Products

  • Seraphinite Accelerator WordPress Plugin versions up to and including 2.28.14

Discovery Timeline

  • 2026-03-04 - CVE-2026-3058 published to NVD
  • 2026-03-04 - Last updated in NVD database

Technical Details for CVE-2026-3058

Vulnerability Analysis

This vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The core issue stems from an authorization bypass in the plugin's administrative API functionality. The OnAdminApi_GetData() function processes requests through the seraph_accel_api AJAX endpoint without validating whether the requesting user has appropriate administrative capabilities.

In WordPress, AJAX actions registered with the wp_ajax_ prefix are accessible to any authenticated user. When these endpoints handle sensitive administrative data, they must implement proper capability checks using functions like current_user_can(). The Seraphinite Accelerator plugin fails to implement these checks, allowing any authenticated user—including those with the lowest privilege level (Subscriber)—to invoke the GetData function and retrieve operational information that should only be accessible to administrators.

Root Cause

The root cause is the absence of authorization controls in the OnAdminApi_GetData() function. The function processes the fn=GetData request without first verifying that the authenticated user possesses administrative capabilities. This missing authorization check allows low-privileged users to access endpoints designed exclusively for site administrators.

Attack Vector

The attack is network-accessible and requires only low-privilege authentication (Subscriber-level). An attacker can exploit this vulnerability by:

  1. Registering or compromising a Subscriber-level account on a WordPress site running the vulnerable plugin
  2. Sending a crafted AJAX request to the seraph_accel_api endpoint with the fn=GetData parameter
  3. Receiving sensitive operational data in the response, including cache status, scheduled task information, and external database state

The disclosed information could reveal infrastructure details, performance configurations, and connected external services, potentially enabling reconnaissance for more sophisticated attacks.

Detection Methods for CVE-2026-3058

Indicators of Compromise

  • Unusual AJAX requests to wp-admin/admin-ajax.php with action parameter seraph_accel_api from non-administrative users
  • Log entries showing Subscriber or Contributor accounts accessing the GetData function
  • Repeated requests to the seraph_accel_api endpoint that pattern-match enumeration attempts

Detection Strategies

  • Monitor WordPress access logs for requests containing action=seraph_accel_api and fn=GetData parameters originating from users without administrative roles
  • Implement Web Application Firewall (WAF) rules to flag suspicious AJAX requests targeting plugin-specific endpoints from low-privilege users
  • Review WordPress audit logs for authentication events followed by immediate requests to sensitive plugin endpoints

Monitoring Recommendations

  • Enable detailed access logging on WordPress sites to capture full request parameters for AJAX actions
  • Configure alerting for AJAX endpoint access patterns that deviate from normal administrative usage
  • Implement user activity monitoring to track requests made by Subscriber and Contributor-level accounts to administrative endpoints

How to Mitigate CVE-2026-3058

Immediate Actions Required

  • Update the Seraphinite Accelerator plugin to the latest patched version immediately
  • Audit user accounts and remove unnecessary Subscriber or Contributor accounts that are no longer needed
  • Review access logs for evidence of exploitation attempts prior to patching
  • Consider temporarily disabling the plugin until the update can be applied if immediate patching is not possible

Patch Information

A security patch has been released to address this vulnerability. The fix is documented in the WordPress Plugin Changeset. Site administrators should update to the latest version of the Seraphinite Accelerator plugin through the WordPress plugin update interface. Additional technical details are available in the Wordfence Vulnerability Report.

Workarounds

  • Restrict user registration on WordPress sites to prevent attackers from obtaining authenticated access as Subscribers
  • Implement IP-based access controls to limit AJAX endpoint access to trusted networks
  • Deploy a Web Application Firewall with rules blocking unauthorized access to the seraph_accel_api endpoint
  • Temporarily disable the Seraphinite Accelerator plugin if it is not critical to site operations until the patch can be applied

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechWordpress
  • SeverityMEDIUM
  • CVSS Score4.3
  • EPSS Probability0.01%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-200
  • Technical References
  • WordPress Plugin Code Review
  • WordPress Plugin Code Review
  • WordPress Plugin Changeset
  • Wordfence Vulnerability Report
  • Related CVEs
  • CVE-2026-7542: Slider Revolution Information Disclosure
  • CVE-2026-8502: LearnPress Information Disclosure Flaw
  • CVE-2026-8611: WordPress Klamra Paycal IDOR Vulnerability
  • CVE-2026-8995: Poll Maker Information Disclosure Flaw
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne
Get a DemoContact Us
  • Product Tours
  • Why SentinelOne
  • Pricing & Packages
  • FAQ
  • SentinelOne Status

Key Products & Solutions

  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Prompt Security
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Explore Solutions

Services

  • Wayfinder TDR
  • Managed Detection and Response
  • Threat Hunting
  • Incident Readiness
& Response
  • Technical Account Management
  • Guided Onboarding 
& Deployment
  • Support Services

Company

  • About Us
  • Our Customers
  • Careers
  • Partners
  • S1 Foundation
  • S1 Ventures
  • Legal Information
  • Security & Compliance
  • Investor Relations

Quick Links

  • Customer Portal
  • Partner Portal
  • Become a Partner
  • Resource Center
  • SentinelLABS Threat Research
  • Blog
  • Press Center
  • Cybersecurity 101
  • Events
  • Ransomware Anthology
©2026 SentinelOne, All Rights Reserved
Privacy NoticeTerms of Use
English
English