CVE-2024-54222
Missing Authorization in Seraphinite Accelerator Allows Data Exposure
Publication date: 2026-02-20
Last updated on: 2026-02-25
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seraphinite_solutions | seraphinite_accelerator | up to and including 2.22.15 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-54222 is a Sensitive Data Exposure vulnerability found in the WordPress Seraphinite Accelerator Plugin versions up to and including 2.22.15.
This vulnerability allows a malicious actor with subscriber-level privileges to access sensitive information that is normally restricted from regular users.
It is classified under the OWASP Top 10 category A1: Broken Access Control, meaning it is caused by missing or improper authorization checks.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to sensitive data within the Seraphinite Accelerator plugin.
This exposure of sensitive information could potentially enable further exploitation of other system weaknesses.
However, the CVSS severity score is 4.3, indicating a low priority threat with limited impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in the Seraphinite Accelerator plugin, users should update the plugin to version 2.22.16 or later, where the issue has been patched.
Patchstack also offers automated updates for vulnerable plugins to provide rapid protection.
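A local check of an installation against the affected range and fixed version stated above, as an added example that is not code from Patchstack or the plugin vendor. It assumes the plugin sits in a directory named `seraphinite-accelerator` under `wp-content/plugins`; the sample install it builds is constructed.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (2, 22, 15)             # advisory: versions up to and including 2.22.15
PLUGIN_DIR = "seraphinite-accelerator"  # assumed install directory name
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_file):
    """Plugin header fields from the first 8 KiB, the part WordPress itself reads."""
    with open(php_file, "rb") as fh:
        text = fh.read(8192).decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields

def parse_version(version):
    """'2.22.15-beta' -> (2, 22, 15); stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_affected(version):
    """True when version <= 2.22.15, zero-padding so 2.22.15.0 equals 2.22.15."""
    v = parse_version(version)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    return bool(v) and pad(v) <= pad(LAST_AFFECTED)

def audit(plugins_root):
    """None if the plugin is absent, else (version, 'affected'|'patched'|'unknown')."""
    plugin = Path(plugins_root) / PLUGIN_DIR
    if not plugin.is_dir():
        return None
    for php in sorted(plugin.glob("*.php")):
        fields = read_header(php)
        if "plugin name" in fields and "version" in fields:
            ver = fields["version"]
            if not parse_version(ver):
                return ver, "unknown"
            return ver, "affected" if is_affected(ver) else "patched"
    return "", "unknown"  # directory present but no readable plugin header

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample install
        (Path(root) / PLUGIN_DIR).mkdir()
        (Path(root) / PLUGIN_DIR / "main.php").write_text(
            "<?php\n/*\nPlugin Name: Seraphinite Accelerator\nVersion: 2.22.15\n*/\n")
        print(audit(root))
```

Point `audit()` at each site's `wp-content/plugins` directory; an `unknown` result means the version could not be read and the install should be checked by hand.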