| CVE-2026-3773 | Accessibility Suite by Ability, Inc <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter | onlineada | Accessibility Suite by Ability, Inc | Medium | 6.5 | 2026-04-16 05:29:55 | Deep Dive |
| CVE-2026-3643 | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API | onthemapmarketing | Accessibly – WordPress Website Accessibility | High | 7.2 | 2026-04-15 08:28:18 | Deep Dive |
| CVE-2026-2413 | Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path | elemntor | Ally – Web Accessibility & Usability | High | 7.5 | 2026-03-11 04:25:46 | Deep Dive |
| CVE-2026-2362 | WP Accessibility <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute | joedolson | WP Accessibility | Medium | 6.4 | 2026-02-27 08:24:20 | Deep Dive |
| CVE-2025-13113 | Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure | accessibewp | Web Accessibility by accessiBe | Medium | 5.3 | 2026-02-19 03:25:18 | Deep Dive |
| CVE-2026-1808 | Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ravanh | Orange Comfort+ accessibility toolbar for WordPress | Medium | 6.4 | 2026-02-06 06:46:29 | Deep Dive |
| CVE-2026-24629 | WordPress Web Accessibility with Max Access plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | Ability, Inc | Web Accessibility with Max Access | 中危 | - | 2026-01-23 14:29:08 | Deep Dive |
| CVE-2025-49355 | WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | ikaes | Accessibility Press | Medium | 5.9 | 2025-12-31 17:21:51 | Deep Dive |
| CVE-2025-63004 | WordPress All in One Accessibility plugin <= 1.15 - Broken Access Control vulnerability | Skynet Technologies USA LLC | All in One Accessibility | Medium | 4.3 | 2025-12-31 16:06:59 | Deep Dive |
| CVE-2025-64246 | WordPress Accessibility by AudioEye plugin <= 1.0.49 - Broken Access Control vulnerability | netopsae | Accessibility by AudioEye | Medium | 4.3 | 2025-12-16 08:12:49 | Deep Dive |
| CVE-2025-13358 | Accessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation | codeconfig | Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance | Medium | 5.3 | 2025-12-06 05:49:36 | Deep Dive |
| CVE-2025-13309 | Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings | codeconfig | Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance | Medium | 4.3 | 2025-12-06 05:49:36 | Deep Dive |
| CVE-2025-66112 | WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability | WebToffee | Accessibility Toolkit by WebYes | 中危 | - | 2025-11-21 12:30:06 | Deep Dive |
| CVE-2025-49920 | WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability | accessiBe | Web Accessibility By accessiBe | Medium | 5.4 | 2025-10-22 14:32:13 | Deep Dive |
| CVE-2025-10700 | Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update | elemntor | Ally – Web Accessibility & Usability | Medium | 4.3 | 2025-10-16 02:25:10 | Deep Dive |
| CVE-2025-10375 | Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery | accessibewp | Web Accessibility by accessiBe | Medium | 4.3 | 2025-10-11 09:28:42 | Deep Dive |
| CVE-2025-58664 | WordPress Text To Speech TTS Accessibility plugin <= 1.9.30 - Broken Access Control vulnerability | Azizul Hasan | Text To Speech TTS Accessibility | Medium | 4.3 | 2025-09-22 18:22:59 | Deep Dive |
| CVE-2025-58976 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability | Equalize Digital | Accessibility Checker by Equalize Digital | Medium | 4.3 | 2025-09-09 16:33:19 | Deep Dive |
| CVE-2025-58981 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability | Equalize Digital | Accessibility Checker by Equalize Digital | Medium | 5.4 | 2025-09-09 16:33:16 | Deep Dive |
| CVE-2025-57886 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability | Equalize Digital | Accessibility Checker by Equalize Digital | Medium | 5.4 | 2025-08-22 11:59:54 | Deep Dive |