CVE-2024-54222
Awaiting Analysis Awaiting Analysis - Queue
Missing Authorization in Seraphinite Accelerator Allows Data Exposure

Publication date: 2026-02-20

Last updated on: 2026-02-25

Assigner: Patchstack

Description
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2024-54222
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seraphinite_solutions seraphinite_accelerator to 2.22.15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-54222 is a Sensitive Data Exposure vulnerability found in the WordPress Seraphinite Accelerator Plugin versions up to and including 2.22.15.

This vulnerability allows a malicious actor with subscriber-level privileges to access sensitive information that is normally restricted from regular users.

It is classified under the OWASP Top 10 category A1: Broken Access Control, meaning it is caused by missing or improper authorization checks.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive data within the Seraphinite Accelerator plugin.

This exposure of sensitive information could potentially enable further exploitation of other system weaknesses.

However, the CVSS severity score is 4.3, indicating a low priority threat with limited impact.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability in the Seraphinite Accelerator plugin, users should update the plugin to version 2.22.16 or later, where the issue has been patched.

Patchstack also offers automated updates for vulnerable plugins to provide rapid protection.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-54222. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart