Web Accessibility By Accessibe
Approved changes feed: RSS · Atom
cpe:2.3:a:accessibewp:web_accessibility_by_accessibe:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Accessibewp (1870eca6-26d7-59f1-b040-0de7a6ba16ff) |
|---|---|
| Product | Web Accessibility By Accessibe (f188be6f-ddad-5e93-8b2c-6e0ac0aed777) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-13113 |
vulnerable | 2026-06-03 14:58:45.558817 |
Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure
MEDIUM (5.3)
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe user IDs, account IDs, and license information, via the browser console when the widget is disabled.
Published: 2026-02-19T03:25:18.315Z
Updated: 2026-04-08T17:14:16.141Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10375 |
vulnerable | 2026-06-03 14:58:34.042691 |
Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery
MEDIUM (4.3)
The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_config, and accessibe_add_verification_page. This makes it possible for unauthenticated attackers to modify plugin settings and create verification files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2025-10-11T09:28:42.013Z
Updated: 2026-04-08T17:29:26.514Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.