Impact
The vulnerability is a missing authorization flaw that allows an attacker to access restricted functionality within the Accessibility Checker plugin. This flaw corresponds to CWE‑862 and can enable users without sufficient privileges to perform administrative actions or view privileged data. The direct consequence is that untrusted parties could manipulate accessibility settings or potentially expose sensitive information controlled by the plugin.
Affected Systems
Equalize Digital’s Accessibility Checker WordPress plugin, versions up to and including 1.31.0, is affected. All WordPress installations that have the plugin installed at this or earlier versions are at risk.
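To check a host against the affected range above, the following added example (not code from the plugin or from this advisory) reads WordPress plugin headers under a plugins directory and flags copies of Accessibility Checker at or below 1.31.0. The directory layout, file names and the 1.31.1 sample version in `demo()` are constructed; the advisory names no fixed version.

```python
import re, tempfile
from pathlib import Path

LAST_AFFECTED = (1, 31, 0)             # advisory: versions up to and including 1.31.0
PLUGIN_NAME = "accessibility checker"  # plugin name from the advisory, lower-cased
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """'1.9' -> (1, 9, 0). Suffixes such as '-beta2' are dropped; junk -> (0, 0, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    nums = [int(n) for n in m.group().split(".")] if m else []
    return tuple(nums + [0] * max(0, 3 - len(nums)))

def read_plugin_header(php_source):
    """Return (name, version) from a plugin header comment, or None."""
    fields = {k.lower(): v for k, v in HEADER_RE.findall(php_source[:8192])}
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def is_affected(version_text):
    # Unparseable versions compare as (0, 0, 0) and are flagged, which errs on the safe side.
    return parse_version(version_text) <= LAST_AFFECTED

def audit(plugins_dir):
    """List (file, version, affected) for every copy of the plugin found."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php.read_text(errors="replace"))
        if header and header[0].strip().lower() == PLUGIN_NAME:
            results.append((str(php), header[1], is_affected(header[1])))
    return results

def demo():
    """Audit a constructed plugins tree (sample data, not real installs)."""
    samples = {"copy-a/main.php": ("Accessibility Checker", "1.31.0"),
               "copy-b/main.php": ("Accessibility Checker", "1.31.1"),
               "other/other.php": ("Some Other Plugin", "0.1")}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (name, ver) in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
        return [(Path(p).parent.name, v, hit) for p, v, hit in audit(tmp)]

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the site's plugins directory to `audit()` instead of calling `demo()`.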
Risk and Exploitability
The CVSS score of 4.3 indicates medium severity, and the EPSS score of less than 1% shows a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers could exploit the flaw by accessing the plugin’s administrative interface or any exposed endpoints that rely on the broken access control, without needing higher-level credentials. Blocking unauthorized access to those entry points or restricting user roles is essential to mitigate this risk.