Vulnerabilities and security researches forwp-accessibility-helper wp-accessibility-helper

Jun 06, 2024

CVE, Research URL: CVE-2024-31423
Home page URL: Security reports for WP Accessibility Helper (WAH)
Application: WP Accessibility Helper (WAH)
Date: Jun 09, 2024
Research Description: Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.
Affected versions: max 0.6.2.6.
Status: vulnerable

CVE, Research URL: CVE-2022-0150
Home page URL: Security reports for WP Accessibility Helper (WAH)
Application: WP Accessibility Helper (WAH)
Date: Feb 28, 2022
Research Description: The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue
Affected versions: max 0.6.0.7.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-41869
Home page URL: Security reports for WP Accessibility Helper (WAH)
Application: WP Accessibility Helper (WAH)
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4.
Affected versions: max 0.6.2.5.
Status: vulnerable

Jul 13, 2024

CVE, Research URL: CVE-2024-37926
Home page URL: Security reports for WP Accessibility Helper (WAH)
Application: WP Accessibility Helper (WAH)
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
Affected versions: max 0.6.3.
Status: vulnerable

Aug 29, 2024

CVE, Research URL: CVE-2024-5987
Home page URL: Security reports for WP Accessibility Helper (WAH)
Application: WP Accessibility Helper (WAH)
Date: Aug 29, 2024
Research Description: The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit or delete contrast settings. Please note these issues were patched in 0.6.2.8, though it broke functionality and the vendor has not responded to our follow-ups.
Affected versions: max 0.6.2.9.
Status: vulnerable