PT-2025-41666 · WordPress · Web Accessibility By Accessibe
Moose Love
·
Published
2025-10-11
·
Updated
2025-10-11
·
CVE-2025-10375
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Web Accessibility By accessiBe plugin for WordPress versions through 2.10
Description
The Web Accessibility By accessiBe plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation on several AJAX actions, including
accessibe signup, accessibe login, accessibe license trial, accessibe modify config, and accessibe add verification page. An unauthenticated attacker can potentially modify plugin settings and create verification files by deceiving a site administrator into performing an action.Recommendations
Update the Web Accessibility By accessiBe plugin for WordPress to a version later than 2.10.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Web Accessibility By Accessibe