PT-2026-20592 · WordPress · Web Accessibility By Accessibe

Rafshanzani Suhada

Publicado

2026-02-19

Atualizado

2026-02-23

CVE-2025-13113

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Web Accessibility by accessiBe versions up to and including 2.11

Description The Web Accessibility by accessiBe plugin for WordPress is susceptible to exposure of sensitive information. This occurs because the accessibe render js in footer() function logs the complete plugin options array to the browser console on public pages without appropriate restrictions. This allows unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe user IDs, account IDs, and license information, via the browser console when the widget is disabled.

Recommendations Versions prior to 2.11 should be updated to a newer version that addresses this issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2025-13113

Produtos afetados

Web Accessibility By Accessibe

PT-2026-20592 · WordPress · Web Accessibility By Accessibe

CVE-2025-13113

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5