WP-Safety

Web Accessibility by accessiBe Security & Risk Analysis

wordpress.org/plugins/accessibe

Fix accessibility issues & make your site accessible with an AI-powered accessibility service.

10K active installs v2.13 PHP 7.0+ WP 4.7+ Updated Feb 23, 2026
accessibilityadawcagweb-accessibilitywordpress-accessibility
95
A · Safe
CVEs total5
Unpatched0
Last CVEFeb 18, 2026
Plugin page Download
Safety Verdict

Is Web Accessibility by accessiBe Safe to Use in 2026?

Generally Safe

Score 95/100

Web Accessibility by accessiBe has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Feb 18, 2026Updated 1mo ago
Risk Assessment

The AccessiBe plugin, version 2.13, presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output. The plugin also incorporates a significant number of nonce and capability checks, indicating an effort to implement authorization and prevent common web vulnerabilities. There are no critical or high severity taint flows detected, nor are there any currently unpatched known vulnerabilities, which are positive indicators.

Key Concerns

  • 1 AJAX handler without authentication
  • 5 medium severity known CVEs
  • Large attack surface with 1 unprotected entry point
Vulnerabilities
5

Web Accessibility by accessiBe Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
3 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-13113medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

Feb 18, 2026 Patched in 2.12 (1d)
CVE-2025-49920medium · 4.3Missing Authorization

Web Accessibility By accessiBe <= 2.10 - Missing Authorization

Oct 27, 2025 Patched in 2.11 (9d)
CVE-2025-10375medium · 4.3Cross-Site Request Forgery (CSRF)

Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery

Oct 10, 2025 Patched in 2.11 (1d)
CVE-2025-26981medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting

Feb 23, 2025 Patched in 2.6 (9d)
WF-9d79ce22-33ef-4dfb-a842-591cd7cedc94-accessibemedium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Web Accessibility By accessiBe <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 27, 2023 Patched in 1.16 (180d)
Code Analysis
Analyzed Mar 16, 2026

Web Accessibility by accessiBe Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
12
50 escaped
Nonce Checks
10
Capability Checks
8
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

81% escaped62 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
accessibe_add_verification_page_ajax (class.accessibeforwp.php:281)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Web Accessibility by accessiBe Attack Surface

Entry Points11
Unprotected1

AJAX Handlers 11

authwp_ajax_accessibe_dismiss_pointerclass.accessibeforwp.php:108
authwp_ajax_accessibe_signupclass.accessibeforwp.php:111
authwp_ajax_accessibe_loginclass.accessibeforwp.php:113
authwp_ajax_accessibe_merchant_detailclass.accessibeforwp.php:115
authwp_ajax_accessibe_domain_listclass.accessibeforwp.php:117
authwp_ajax_accessibe_license_trialclass.accessibeforwp.php:119
authwp_ajax_accessibe_logoutclass.accessibeforwp.php:121
authwp_ajax_accessibe_inject_scriptclass.accessibeforwp.php:123
authwp_ajax_accessibe_remove_scriptclass.accessibeforwp.php:125
authwp_ajax_accessibe_modify_configclass.accessibeforwp.php:127
authwp_ajax_accessibe_add_verification_pageclass.accessibeforwp.php:133
WordPress Hooks 8
actionplugins_loadedaccessiebe.php:17
actionadmin_menuclass.accessibeforwp.php:87
actionplugins_loadedclass.accessibeforwp.php:90
actionwp_footerclass.accessibeforwp.php:93
actionupgrader_process_completeclass.accessibeforwp.php:96
actionadmin_initclass.accessibeforwp.php:99
actionadmin_enqueue_scriptsclass.accessibeforwp.php:105
filteradmin_footer_textclass.accessibeforwp.php:131
Maintenance & Trust

Web Accessibility by accessiBe Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 23, 2026
PHP min version7.0
Downloads288K

Community Trust

Rating82/100
Number of ratings32
Active installs10K
Alternatives

Web Accessibility by accessiBe Alternatives

Accessibility Enabler

Accessibility Enabler

accessibility-enabler

A
100

This plugin increases compliance with WCAG 2.0, ADA , Section 508 without changing your website’s existing code.

300 No CVEs
Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar

Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar

accessibility-onetap

A
100

OneTap is a multilingual WordPress plugin designed for seamless website accessibility.

40K No CVEs
AccessYes Accessibility Widget for ADA, EAA & WCAG Readiness

AccessYes Accessibility Widget for ADA, EAA & WCAG Readiness

accessibility-widget

A
99

Free accessibility widget to support WCAG, ADA & EAA. Includes text resize, high contrast, dyslexia-friendly font, spacing, and more tools.

10K 1 CVE
Accessibility Suite by Ability, Inc

Accessibility Suite by Ability, Inc

online-accessibility

A
91

Version 4.20 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Donate link: Audit and update your WordPress website for AD &hellip;

600 7 CVEs
Accessibly – WordPress Website Accessibility

Accessibly – WordPress Website Accessibility

otm-accessibly

A
92

Accessibly app is a WordPress accessibility plugin that will help your website become accessible to even more of your site visitors.

400 No CVEs
Developer Profile

Web Accessibility by accessiBe Developer Profile

accessiBe

1 plugin · 10K total installs

85
trust score
Avg Security Score
95/100
Avg Patch Time
40 days
View full developer profile
Detection Fingerprints

How We Detect Web Accessibility by accessiBe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accessibe/accessibe_inc/css/accessibe-admin.css/wp-content/plugins/accessibe/accessibe_inc/css/accessibe-admin.min.css/wp-content/plugins/accessibe/accessibe_inc/js/accessibe-admin-global.js/wp-content/plugins/accessibe/accessibe_inc/js/accessibe-admin.js/wp-content/plugins/accessibe/accessibe_inc/js/accessibe-admin.min.js/wp-content/plugins/accessibe/accessibe_inc/js/accessibe-global.js/wp-content/plugins/accessibe/accessibe_inc/js/accessibe.js/wp-content/plugins/accessibe/accessibe_inc/js/accessibe.min.js+2 more
Script Paths
https://universal.accessibe.com/accessibe.js
Version Parameters
accessibe-admin-global.js?ver=accessibe-admin.js?ver=accessibe-global.js?ver=accessibe.js?ver=mixpanel.js?ver=

HTML / DOM Fingerprints

CSS Classes
accessibe-access-buttonaccessibe-close-buttonaccessibe-widget-launcher
HTML Comments
<!-- accessiBe :: START --><!-- accessiBe :: END -->
Data Attributes
accessibedata-accessibe-iddata-accessibe-triggerdata-accessibe-widget-iddata-accessibe-widget-settings
JS Globals
accessibeWidgetsAccessibe
REST Endpoints
/wp-json/accessibe/v1/settings/wp-json/accessibe/v1/config
FAQ

Frequently Asked Questions about Web Accessibility by accessiBe