Description
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.31.0.
Published: 2025-09-09
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Equalize Digital Accessibility Checker by Equalize Digital arises from incorrectly configured access control security levels. An attacker who can exploit this flaw can gain unauthorized access to plugin functionality or administrative features that should be restricted. The primary impact is the potential compromise of confidentiality and integrity within the WordPress installation, allowing misuse of the plugin’s capabilities without proper authorization. This weakness is identified by CWE-862.

Affected Systems

WordPress installations that use the Accessibility Checker by Equalize Digital plugin, specifically any deployment of versions 1.31.0 or earlier. The vulnerability applies to all WordPress sites where this plugin is installed, regardless of the overall WordPress version, since the flaw resides entirely within the plugin code.

Risk and Exploitability

The CVSS score of 5.4 designates the flaw as a moderate risk, while the EPSS of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been observed in active attacks. The attack vector is likely remote via the WordPress web interface, where an attacker can interact with the plugin’s endpoints to elevate privileges or modify settings. Until a patch is applied, the severity remains moderate, with a low likelihood of exploitation based on current exploitation statistics.

Generated by OpenCVE AI on April 30, 2026 at 01:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of the Accessibility Checker plugin if a new release that fixes the access control issue is available.
  • If an update is unavailable, disable or remove the plugin from the site to eliminate the attack surface.
  • Audit WordPress role and capability settings, ensuring that only authorized administrators can interact with plugin features.

Advisories
Source ID Title
EUVD EUVD-2025-27395 Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
  Values Added: Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.31.0.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Tue, 09 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
Title WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:50.819Z

Reserved: 2025-09-06T04:45:16.550Z

Link: CVE-2025-58981

Vulnrichment

Updated: 2025-09-09T17:49:18.629Z

NVD

Status: Deferred

Published: 2025-09-09T17:16:12.320

Modified: 2026-04-23T15:33:59.323

Link: CVE-2025-58981

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:00:13Z

Weaknesses