CVE-2026-2362

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...

WordPress WP Accessibility plugin <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP Accessibility versions = 2.3.1...

CVE-2025-63004 WordPress All in One Accessibility plugin <= 1.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through = 1.15...

WordPress All in One Accessibility plugin <= 1.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin All in One Accessibility versions = 1.15...

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings vulnerability

Authenticated Subscriber+ Missing Authorization to Modify Accessibility Settings vulnerability discovered by Peerapat Samatathanyakorn - Thai Team CVE in WordPress Plugin CodeConfig Accessibility versions = 1.0.2...

WordPress plugin All in One Accessibility 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-13309 Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.2. This is due to the plugin not properly verifying that a user is authorized to perform an action...

WordPress Web Accessibility By accessiBe plugin <= 2.10 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Moose Love in WordPress Plugin Web Accessibility By accessiBe versions = 2.10...

CVE-2025-58664 WordPress Text To Speech TTS Accessibility plugin <= 1.9.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility text-to-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Text To Speech TTS Accessibility: from n/a through = 1.9.30...

CVE-2025-58664

CVE-2025-58664 concerns the WordPress plugin Text To Speech TTS Accessibility . According to connected data, there is a Missing Authorization vulnerability affecting version up to and including 1.9.24 (initial doc lists 1.9.20; Wordfence detail specifies

CVE-2024-11643

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessiblesavesettings' function in all versions up to, and including, 1.3.4. This makes it possible for...

CVE-2024-9208 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting

The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrar...

PT-2024-17151 · WordPress · Accessibility By Allaccessible

Name of the Vulnerable Software and Affected Versions: Accessibility by AllAccessible plugin for WordPress versions up to, and including, 1.3.4 Description: The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege...

WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Accessibility Helper WAH versions = 0.6.2.9...

Malicious code in amcharts-accessibility-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3d8c46b66a30d5f77349bdbe5c55b3412346a1b9ee26009a3ee535cdcf1e1677 The OpenSSF Package Analysis project identified 'amcharts-accessibility-plugin' @ 99.3.0 npm as malicious. It is considered malicious because: -...

CVE-2023-28933

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...

CVE-2022-41643

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Accessibility plugin = 1.0.3 on WordPress...

CVE-2022-41643

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Accessibility plugin = 1.0.3 on WordPress...

CVE-2022-41643 WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Accessibility plugin = 1.0.3 on WordPress...

CVE-2022-41643

CVE-2022-41643 affects the WordPress Accessibility plugin (versions ≤ 1.0.3). The root cause is a stored XSS vulnerability in the plugin’s settings that requires admin+ privileges to exploit. Impact is limited to authenticated users with high privileges; CVSS vectors in the source material indica...