Seraphinite Accelerator WordPress Plugin Sensitive Information Exposure Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Seraphinite Accelerator plugin for WordPress, affecting all versions through 2.28.14. The issue arises in the `seraph_accel_api` AJAX action, specifically with the `fn=GetData` parameter. The vulnerability is caused by the `OnAdminApi_GetData()` function, which fails to implement proper capability checks. This oversight enables authenticated attackers with Subscriber-level access or higher to access confidential operational data, such as cache status, scheduled task details, and external database information.

Impact

Exploitation of this vulnerability allows authenticated attackers to access sensitive operational data, including cache status, scheduled task information, and external database state.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the `seraph_accel_api` AJAX action with the `fn=GetData` parameter. This request can be made through the WordPress admin interface or by using a tool that allows for the manipulation of AJAX requests. Once the request is sent, the response will include the sensitive information that has been exposed due to the lack of proper capability checks.

Remediation

Users are advised to update the Seraphinite Accelerator plugin to version 2.28.15 or a newer patched version.