Elementor Ally Web Accessibility Usability vulnerabilities
2 known vulnerabilities affecting elemntor/ally_web_accessibility_usability.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-2413: P2, HIGH, CVSS 7.5, CWE-89, PoC, ≤ 4.0.3, 2026-03-11
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization
nvd
CVE-2025-10700: P4, MEDIUM, CVSS 4.3, CWE-352, ≤ 3.8.0, 2025-10-16
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enable_unfiltered_files_upload function. This makes it possible for unauthenticated attackers to enable unfiltered file upload and add svg f
nvd