Authorization Bypass in Accessiy By CodeConfig Accessibility Plugin for WordPress

CVE-2025-13309

What is CVE-2025-13309?

The Accessiy By CodeConfig Accessibility plugin for WordPress is susceptible to an authorization bypass vulnerability. In versions up to and including 1.0.0, the plugin fails to adequately verify user permissions, allowing authenticated attackers with subscriber-level access or higher to alter the plugin's global accessibility settings. This oversight can lead to unauthorized modifications, compromising the integrity of accessibility features intended for users. It highlights the necessity for proper user authorization checks in plugin development.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References