PT-2026-20592 · WordPress · Web Accessibility By Accessibe
Rafshanzani Suhada
·
Published
2026-02-19
·
Updated
2026-02-23
·
CVE-2025-13113
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Web Accessibility by accessiBe versions up to and including 2.11
Description
The Web Accessibility by accessiBe plugin for WordPress is susceptible to exposure of sensitive information. This occurs because the
accessibe render js in footer() function logs the complete plugin options array to the browser console on public pages without appropriate restrictions. This allows unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe user IDs, account IDs, and license information, via the browser console when the widget is disabled.Recommendations
Versions prior to 2.11 should be updated to a newer version that addresses this issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Web Accessibility By Accessibe