Threat Entry Updated 2026-02-19

CVE-2025-13113 - Web Accessibility By Accessibe Plugin

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe user IDs, account IDs, and license information, via the browser console when the widget is disabled.

PLUGIN Web Accessibility By Accessibe

CVE-2025-13113

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-10-14

CVE-2025-10375 - Web Accessibility By Accessibe Plugin

The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_config, and accessibe_add_verification_page. This makes it possible for unauthenticated attackers to modify plugin settings and create verification files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Web Accessibility By Accessibe

CVE-2025-10375

MEDIUM CVSS 4.3 2025-10-11

Risk Score

Open Full Technical Breakdown