21 matches found
WordPress Accessibility Suite by Ability, Inc plugin <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability
Authenticated Subscriber+ SQL Injection via 'scanid' Parameter vulnerability discovered by Victor Pasman in WordPress Plugin Accessibility Suite versions = 4.20...
CVE-2026-2362
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...
CVE-2026-2362 WP Accessibility <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...
CVE-2026-2362 WP Accessibility <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...
CVE-2026-2362
CVE-2026-2362 affects the WP Accessibility plugin for WordPress (versions
WordPress plugin WP Accessibility 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2022-0150
The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...
WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Certus Cybersecurity in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.31.0...
CVE-2025-58981 WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through = 1.31.0...
WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References IDOR Vulnerability discovered by n0arafatn0 in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.30.0...
CVE-2025-57886 WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through...
CVE-2025-57886 WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.30.0...
CVE-2025-30636 WordPress Accessibility Suite plugin <= 4.19 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through = 4.19...
CVE-2025-32650 WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ability, Inc Accessibility Suite online-accessibility allows SQL Injection.This issue affects Accessibility Suite: from n/a through = 4.18...
CVE-2025-32215 WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through = 4.18...
CVE-2025-32215 WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through = 4.18...
WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Aiden Thái An in WordPress Plugin Accessibility Suite versions = 4.18...
WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - Multiple Broken Access Control vulnerability
Multiple Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Accessibility Suite versions = 4.18...
CVE-2025-23725 WordPress Accessibility Task Manager plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pshikli Accessibility Task Manager accessibility-task-manager allows Reflected XSS.This issue affects Accessibility Task Manager: from n/a through = 1.2.1...
CVE-2024-5987
The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...