cleantalk
Vulnerabilities and Security Researches

Accordion and Accordion Slider, CVE-2026-0727

CVE, Research URL

CVE-2026-0727

Home page URL

Security reports for Accordion and Accordion Slider

Application

Accordion and Accordion Slider

Published on
Feb 14, 2026
Research Description
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wp_aas_save_attachment_data' and 'wp_aas_get_attachment_edit_form' functions. This makes it possible for authenticated attackers, with contributor level access and above, to read and modify attachment metadata including file paths, titles, captions, alt text, and custom links for any attachment on the site.
Affected versions
max 1.4.6.
Status
vulnerable
Previous vulnerability researches
Easy Author Image (79fa8f492d7f28c4425b1902bfd74de74f041e65) , Jun 07, 2024
Easy Author Image (CVE-2026-1373) , Apr 15, 2026
New vulnerability
Online Ordering System For Restaurants & Local Retail by Orderable (CVE-2026-0974) , Apr 15, 2026
Geo Mashup (CVE-2026-2416) , Apr 15, 2026
InteractiveCalculator for WordPress (CVE-2026-1807) , Apr 15, 2026
PhotoStack Gallery (CVE-2026-2024) , Apr 15, 2026
Rise Blocks – A Complete Gutenberg Page Builder (CVE-2026-1614) , Apr 15, 2026