PT-2025-49341 · WordPress · Accessiy By Codeconfig Accessibility
Athiwat Tiprasaharn
·
Published
2025-12-06
·
Updated
2025-12-06
·
CVE-2025-13358
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Accessiy By CodeConfig Accessibility plugin for WordPress versions up to and including 1.0.0
Description
The Accessiy By CodeConfig Accessibility plugin for WordPress is susceptible to unauthorized page creation because of absent authorization checks. The plugin does not perform capability checks within the
Settings::createPage() function. This allows authenticated attackers with Subscriber-level access or higher to create arbitrary published pages on the site through the ccpcaCreatePage AJAX action.Recommendations
Update the Accessiy By CodeConfig Accessibility plugin to a version beyond 1.0.0.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Accessiy By Codeconfig Accessibility