Accessibility Checker by Equalize Digital < 1.30.1 – Authenticated (Contributor+) Insecure Direct Object Reference | CVE 2025-57886 | Plugin Vulnerabilities

Description

The Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.30.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

accessibility-checker

Fixed in 1.30.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/07f343cd-5181-48a3-bee7-a60dd9771d07

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

n0_arafat_n0

Verified

No

WPVDB ID

e92e1b07-7944-44b4-916c-15d61479e04d

Timeline

Publicly Published

2025-08-22 (about 8 months ago)

Added

2025-08-26 (about 8 months ago)

Last Updated

2025-08-26 (about 8 months ago)

Other

Published

Title

Published

2025-01-10

Title

Unlimited Theme Addon For Elementor and WooCommerce < 1.2.3 - Authenticated (Contributor+) Post Disclosure

Published

2025-09-17

Title

Chained Quiz < 1.3.6 - Unauthenticated Insecure Direct Object Reference via Cookie

Published

2023-05-03

Title

WCFM Membership < 2.11.0 - Unauthenticated Arbitrary Password Update via IDOR

Published

2022-03-29

Title

DW Question & Answer Pro < 1.3.7 - Arbitrary Comment Edition via IDOR

Published

2025-06-24

Title

WP SmartPay < 2.8.0 - Authenticated (Subscriber+) Account Takeover