Cross-Site Scripting Vulnerability in Accessibility Press by ikaes
CVE-2025-49355

5.9MEDIUM

Key Information:

Vendor

WordPress
Status
Accessibility Press
Vendor
CVE Published:
31 December 2025

What is CVE-2025-49355?

A Cross-Site Scripting (XSS) vulnerability in the Accessibility Press plugin by ikaes allows attackers to inject malicious scripts into web pages. This issue results in the stored XSS where user input is improperly handled during page generation. As a consequence, an attacker could exploit this vulnerability to execute arbitrary scripts in the context of victim users who access the affected application. Users of Accessibility Press versions up to and including 1.0.2 are recommended to update their installations to mitigate this risk.

Affected Version(s)

Accessibility Press <= 1.0.2

References

https://vdp.patchstack.com/database/wordpress/plugin/ilog...
vdb-entry

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HunSec | Patchstack Bug Bounty Program
JSON
.
CVE-2025-49355 : Cross-Site Scripting Vulnerability in Accessibility Press by ikaes