Description
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through <= 4.18.
Published: 2025-02-14
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization in Ability, Inc.'s Accessibility Suite plugin allows attackers to exploit incorrectly configured access control, giving them unauthorized access to plugin functions or data that should be restricted. The weakness is classified as CWE-862 (Missing Authorization). Based on the typical consequences of missing authorization, it is inferred that an attacker could read or modify plugin configuration, affecting the site's confidentiality and integrity.

Affected Systems

The vulnerability affects the WordPress Accessibility Suite plugin, version 4.18 and earlier, developed by Ability, Inc. All installations of that plugin running those versions are impacted.

Risk and Exploitability

The CVSS score of 6.3 indicates medium severity, while the EPSS score of < 1% indicates a very low likelihood of exploitation based on current data. The plugin is publicly accessible and the description indicates exploitation through incorrectly configured access control, so it is inferred that the attack vector is remote via the public web interface. Exploitation requires no privileged account (the CVSS vector specifies PR:L, low privileges required), and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 2, 2026 at 09:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain the newest release of Accessibility Suite from Ability, Inc. and verify that the vulnerability is resolved.
  • Restrict access to the plugin’s administrative endpoints using network controls or user role restrictions to minimize exposure.
  • Temporarily disable the plugin until a fixed version is installed.


Advisories
Source: EUVD
ID: EUVD-2025-2924
Title: Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16.
History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16.
  Added: Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through <= 4.18.
Title
  Removed: WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability
  Added: WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - Multiple Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss
  Removed: {'score': 0.00046}
  Added: {'score': 0.00051}


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss
  Removed: {'score': 0.00064}
  Added: {'score': 0.00046}


Fri, 14 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 14 Feb 2025 13:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16.
Title WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:51:53.759Z

Reserved: 2025-01-07T21:03:24.132Z

Link: CVE-2025-22698

Vulnrichment

Updated: 2025-02-14T13:32:17.304Z

NVD

Status: Deferred

Published: 2025-02-14T13:15:42.757

Modified: 2026-04-29T10:16:39.733

Link: CVE-2025-22698

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T09:15:26Z

Weaknesses