Skip to main content

Accessibility Checker CVE-2026-9199

| EUVDEUVD-2026-37837 MEDIUM
Missing Authorization (CWE-862)
2026-06-18 Wordfence GHSA-47pj-xq28-xxxm
4.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
4.3 MEDIUM

Network REST API exploitation requires author-level auth (PR:L); impact is integrity-only on audit records, with no confidentiality or availability consequence.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 18, 2026 - 06:16 vuln.today
CVE Published
Jun 18, 2026 - 04:31 cve.org
MEDIUM 4.3

DescriptionCVE.org

The Equalize Digital Accessibility Checker - WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level access and above, to dismiss, ignore, or restore accessibility audit issue records belonging to posts they are not permitted to edit by supplying an issue from their own post as an authorization token to affect matching issues across the entire site. An Author-level user can exploit this by passing largeBatch=true on a dismiss-issue request referencing one of their own post's issues, causing the handler to bulk-modify all site-wide accessibility issues sharing the same 'object' value - including those belonging to administrator-owned posts.

AnalysisAI

Authorization bypass in Equalize Digital Accessibility Checker for WordPress (all versions ≤ 1.42.1) allows authenticated author-level users to dismiss, ignore, or restore accessibility audit records belonging to posts they do not own. The flaw lies in the plugin's REST API handler accepting the attacker's own issue ID as a sufficient authorization token, and the largeBatch=true parameter then triggers a bulk operation that propagates the action across all site-wide issues sharing the same 'object' value - including those on administrator-owned posts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as WordPress author
Delivery
Retrieve own post's accessibility issue ID via plugin UI or REST API
Exploit
Craft dismiss-issue REST request with issue ID as auth token and largeBatch=true
Execution
REST handler validates token against attacker's own post (passes)
Persist
Handler bulk-modifies all site-wide issues sharing the same object value
Impact
Compliance audit records on admin-owned posts silently suppressed

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated WordPress user account with at minimum author-level access (Contributor role is below this threshold and is not sufficient). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 4.3 (Medium) accurately reflects the constrained blast radius of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated WordPress author logs into a site running the vulnerable plugin, navigates to one of their own posts that has an accessibility audit issue recorded, and captures that issue's ID from the plugin interface or REST API response. The attacker then crafts a REST API dismiss-issue request referencing their own issue ID as the authorization token and includes the `largeBatch=true` parameter. …
Remediation Update the Equalize Digital Accessibility Checker plugin to a version beyond 1.42.1. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9199 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy