6.5
WordPress Accessibility Suite plugin allows attackers to steal WordPress database data
CVE-2026-3773
Summary
The Accessibility Suite by Ability, Inc plugin for WordPress lets an attacker who holds a low-privilege account (Subscriber-level or above) read sensitive information from the site's database. The plugin does not sufficiently escape the user-supplied 'scan_id' parameter or prepare the SQL query that uses it, so the attacker can inject additional SQL into that query. Affected sites should update the plugin to a fixed version.
Original title
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escap...
Original description
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
NVD CVSS 3.1
6.5
Vulnerability type
CWE-89
SQL Injection
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026