SQL Injection Vulnerability in Accessibility Suite Plugin by Ability, Inc. for WordPress
CVE-2026-3773

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Accessibility Suite By Ability, Inc
Vendor
CVE Published:
16 April 2026

What is CVE-2026-3773?

The Accessibility Suite plugin developed by Ability, Inc. for WordPress contains a vulnerability that exposes it to SQL Injection attacks via the 'scan_id' parameter. This vulnerability affects all versions of the plugin up to and including 4.20. Insufficient escaping of user-supplied input combined with inadequate SQL query preparation allows authenticated attackers with Subscriber-level access and above to inject malicious SQL queries. This can potentially lead to unauthorized access to sensitive database information, highlighting the need for timely remediation to protect user data.

Affected Version(s)

Accessibility Suite by Ability, Inc 0 <= 4.20

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/online-accessi...
https://plugins.trac.wordpress.org/browser/online-accessi...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Victor Pasman
.