CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37926 – WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37926
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9. The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wah_update_image_alt() function in all versions up to, and including, 0.6.2.9. This makes it possible for unauthenticated attackers to update image alts. • https://patchstack.com/database/vulnerability/wp-accessibility-helper/wordpress-wp-accessibility-helper-wah-plugin-0-6-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32831 – WordPress Accessibility Widget plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32831
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lorna Timbah (webgrrrl) Accessibility Widget allows Stored XSS.This issue affects Accessibility Widget: from n/a through 2.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Lorna Timbah (webgrrrl) Accessibility Widget permite almacenar XSS. Este problema afecta el widget de accesibilidad: desde n/a hasta 2.2. The Accessibility Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/accessibility-widget/wordpress-accessibility-widget-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31423 – WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31423
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5. Vulnerabilidad de autorización faltante en Alex Volkov WP Accessibility Helper (WAH). Este problema afecta a WP Accessibility Helper (WAH): desde n/a hasta 0.6.2.5. The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_attachment_alt() function in versions up to, and including, 0.6.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update attachment alts. • https://patchstack.com/database/vulnerability/wp-accessibility-helper/wordpress-wp-accessibility-helper-wah-plugin-0-6-2-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24705 – WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24705
Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Octa Code Accessibility. Este problema afecta a la accesibilidad: desde n/a hasta 1.0.6. The Accessibility plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/accessibility/wordpress-accessibility-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41869 – WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action
https://notcve.org/view.php?id=CVE-2023-41869
The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the wah_update_attachment_title function in versions up to, and including, 0.6.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change attachment titles. • CWE-862: Missing Authorization •