cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for accordion-and-accordion-slider

Jun 07, 2024

Accordion and Accordion Slider # 6138e7050107a73604e58c0ce87007d90e20c2b1

Date
Aug 11, 2023
Research Description
Accordion and Accordion Slider [accordion-and-accordion-slider] < 1.2.5. WordPress Accordion and Accordion Slider Plugin <= 1.2.4 is vulnerable to Broken Access Control. Update the WordPress Accordion and Accordion Slider plugin to the latest available version (at least 1.2.5). Cat discovered and reported this Broken Access Control vulnerability in WordPress Accordion and Accordion Slider Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. This vulnerability has been fixed in version 1.2.5.
Affected versions
max 1.2.5.
Status
vulnerable
Jun 10, 2024

Accordion and Accordion Slider # CVE-2023-39996

CVE, Research URL

CVE-2023-39996

Date
Dec 13, 2024
Research Description
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion and Accordion Slider: from n/a through 1.2.4.
Affected versions
max 1.2.5.
Status
vulnerable
Apr 15, 2026

Accordion and Accordion Slider # CVE-2026-0727

CVE, Research URL

CVE-2026-0727

Date
Feb 14, 2026
Research Description
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wp_aas_save_attachment_data' and 'wp_aas_get_attachment_edit_form' functions. This makes it possible for authenticated attackers, with contributor level access and above, to read and modify attachment metadata including file paths, titles, captions, alt text, and custom links for any attachment on the site.
Affected versions
max 1.4.6.
Status
vulnerable