WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings vulnerability

Authenticated Subscriber+ Missing Authorization to Modify Accessibility Settings vulnerability discovered by Peerapat Samatathanyakorn - Thai Team CVE in WordPress Plugin CodeConfig Accessibility versions = 1.0.2...

CVE-2025-13309

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.2. This is due to the plugin not properly verifying that a user is authorized to perform an action...

EUVD-2025-201515

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2025-13309 Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.2. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2025-13309

CVE-2025-13309 documents confirm a WordPress plugin, Accessiy by CodeConfig Accessibility, is vulnerable to an authorization bypass. Affected versions up to and including 1.0.0 allow authenticated users with subscriber-level access and above to modify the plugin’s global accessibility settings du...

PT-2025-49340

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action...

EUVD-2025-26892

Malicious code in bioql PyPI...

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

PT-2025-36090

Name of the Vulnerable Software and Affected Versions: AccessibilitySettingsUtils.java affected versions not specified Description: A logic error in the getComponentName function within AccessibilitySettingsUtils.java may allow a malicious Talkback service to be enabled instead of the system...

PT-2024-30287 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a logic error in the code of AccessibilitySettings.java, specifically in the getInstalledAccessibilityPreferences method. This error could allow an enabled...

Stable Channel Update for Chrome OS

The Stable channel has been updated to 32.0.1700.95 Platform version: 4920.71.0 for all Chrome OS devices except Chromebook Pixel, which is expected in the upcoming days. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over t...