PT-2026-33268 · Ability · Accessibility Suite
Victor Pasman · Published 2026-04-16 · Updated 2026-04-24 · CVE-2026-3773
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Accessibility Suite by Ability, Inc versions prior to 4.21
Description
The Accessibility Suite by Ability, Inc plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access or higher to perform SQL Injection. This occurs because the scan id parameter is not properly escaped and the SQL query is not sufficiently prepared, enabling the execution of additional queries to extract sensitive information from the database.
Recommendations
Update the plugin to a version later than 4.20.
As a temporary workaround, restrict access to the scan id parameter until the update is applied.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Accessibility Suite