Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Sensitive data exposed by WordPress accessiBe plugin in all versions up to 2.11
CVE-2025-13113
Summary
The accessiBe plugin for WordPress exposes sensitive information, such as email addresses and license details, to anyone who views the website's browser console. This could lead to unauthorized access to sensitive data. Update the plugin to a version higher than 2.11 to prevent this exposure.
Original title
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer...
Original description
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe user IDs, account IDs, and license information, via the browser console when the widget is disabled.
nvd CVSS3.1
5.3
Vulnerability type
CWE-200
Information Exposure
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026