WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability

WordPress Ally - Web Accessibility & Usability plugin = 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Ally versions = 4.0.3...

WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Ally versions = 4.0.2...

CVE-2026-25386

The CVE-2026-25386 entry concerns the WordPress Ally plugin (pojo-accessibility) with Missing Authorization/Broken Access Control in versions up to and including 4.0.2. Connected sources (Wordfence/intelligence report and CVE tracking) confirm the affected software and the underlying issue—improp...

CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

WordPress Ally plugin stack buffer overflow vulnerability

WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve the accessibility of the website Accessibility, to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...

WordPress Ally plugin <= 3.8.0 - Cross-Site Request Forgery to plugin Settings Update vulnerability

Cross-Site Request Forgery to plugin Settings Update vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ally versions = 3.8.0...