Authorization Bypass in Accordion and Accordion Slider Plugin for WordPress
CVE-2026-0727

5.4 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 14 February 2026

What is CVE-2026-0727?

The Accordion and Accordion Slider plugin for WordPress has a serious authorization bypass vulnerability that affects all versions up to and including 1.4.5. The flaw arises from inadequate verification of user permissions in critical functions such as 'wp_aas_save_attachment_data' and 'wp_aas_get_attachment_edit_form'. As a result, authenticated attackers with contributor-level access or higher can read and modify attachment metadata, including file paths, titles, captions, alt text, and custom links, for any media attachment on the WordPress site, potentially leading to data exposure and unauthorized changes.
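The class of fix for this kind of flaw is a per-object capability check in the AJAX handler before any attachment data is read or written. The handler below is an added illustration, not the plugin's own code or its actual patch; the handler name, nonce action and request field names are hypothetical.

```php
<?php
// Added illustration (hypothetical handler, not the plugin's code).
// Assumed names: example_aas_save_attachment_data, the 'example_aas_nonce'
// nonce action, and the request fields 'nonce', 'attachment_id', 'title', 'alt'.

add_action( 'wp_ajax_example_aas_save_attachment_data', 'example_aas_save_attachment_data' );

function example_aas_save_attachment_data() {
	// 1. CSRF protection: dies with a 403 if the nonce is missing or invalid.
	check_ajax_referer( 'example_aas_nonce', 'nonce' );

	// 2. Validate the target: it must be an existing attachment post.
	$attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
	$attachment    = $attachment_id ? get_post( $attachment_id ) : null;
	if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
		wp_send_json_error( array( 'message' => 'Invalid attachment.' ), 400 );
	}

	// 3. Authorization: check the meta capability against THIS object.
	//    A generic check such as current_user_can( 'edit_posts' ) passes for
	//    every contributor; 'edit_post' with an ID is mapped by WordPress to
	//    the capabilities needed for that specific attachment and its owner.
	if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
	}

	// 4. Only now touch the data; sanitize each field that was supplied.
	if ( isset( $_POST['title'] ) ) {
		$title = sanitize_text_field( wp_unslash( $_POST['title'] ) );
		wp_update_post( wp_slash( array( 'ID' => $attachment_id, 'post_title' => $title ) ) );
	}
	if ( isset( $_POST['alt'] ) ) {
		$alt = sanitize_text_field( wp_unslash( $_POST['alt'] ) );
		update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $alt ) );
	}

	wp_send_json_success( array( 'id' => $attachment_id ) );
}
```

The same object-level check belongs in any handler that only reads attachment data, since returning an edit form for an arbitrary ID discloses its metadata.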


Affected Version(s)

Accordion and Accordion Slider * <= 1.4.5

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto