Equalize Digital Accessibility Checker Wcag Ada Eaa And Section 508 Compliance
Monthly
Authorization bypass in Equalize Digital Accessibility Checker for WordPress (all versions ≤ 1.42.1) allows authenticated author-level users to dismiss, ignore, or restore accessibility audit records belonging to posts they do not own. The flaw lies in the plugin's REST API handler accepting the attacker's own issue ID as a sufficient authorization token, and the `largeBatch=true` parameter then triggers a bulk operation that propagates the action across all site-wide issues sharing the same 'object' value - including those on administrator-owned posts. No public exploit identified at time of analysis, and this CVE is not listed in CISA KEV; however, the Wordfence advisory includes direct source code references confirming the vulnerable logic.
Authorization bypass in Equalize Digital Accessibility Checker for WordPress (all versions ≤ 1.42.1) allows authenticated author-level users to dismiss, ignore, or restore accessibility audit records belonging to posts they do not own. The flaw lies in the plugin's REST API handler accepting the attacker's own issue ID as a sufficient authorization token, and the `largeBatch=true` parameter then triggers a bulk operation that propagates the action across all site-wide issues sharing the same 'object' value - including those on administrator-owned posts. No public exploit identified at time of analysis, and this CVE is not listed in CISA KEV; however, the Wordfence advisory includes direct source code references confirming the vulnerable logic.