Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Security & Risk Analysis

wordpress.org/plugins/accessibility-plus

Powerful WordPress accessibility plugin to detect and fix WCAG issues, improve usability, and support ADA, EAA, and Section 508 compliance.

1K active installs v2.0.9 PHP 5.6+ WP 5.0+ Updated Feb 5, 2026

a11yaccessibilityadaeaawcag

A · Safe

CVEs total1

Unpatched0

Last CVEOct 30, 2025

Plugin page Download

Safety Verdict

Is Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Safe to Use in 2026?

Generally Safe

Score 99/100

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 30, 2025Updated 1mo ago

Risk Assessment

The 'accessibility-plus' plugin v2.0.9 exhibits a generally good security posture based on the provided static analysis. The code demonstrates strong adherence to secure coding practices, with all SQL queries utilizing prepared statements, 100% of output being properly escaped, and a robust implementation of capability checks (9 instances). The presence of a nonce check further reinforces its defensive mechanisms. The limited attack surface, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events, is also a positive indicator.

However, a significant concern arises from the plugin's vulnerability history. The presence of one known medium-severity CVE, even though currently unpatched, suggests a past weakness. While the common vulnerability type points to 'Missing Authorization,' the static analysis data shows a protected AJAX handler. This discrepancy warrants further investigation to understand if the historical vulnerability was addressed or if it represents a blind spot in the current analysis.

In conclusion, while the current code exhibits strong security practices and a small attack surface, the past medium-severity vulnerability related to authorization is a notable weakness. The plugin has demonstrated the ability to introduce security flaws, and vigilance is required to ensure such issues do not re-emerge. The lack of taint analysis results is neutral, as it could mean no flows were found or the analysis was not comprehensive.

Key Concerns

One medium severity CVE historically

Vulnerabilities

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-66112medium · 4.3Missing Authorization

Accessibility Toolkit by WebYes <= 2.0.4 - Missing Authorization

Oct 30, 2025 Patched in 2.0.5 (27d)

Code Analysis

Analyzed Mar 16, 2026

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

90 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

100% escaped90 total outputs

Attack Surface

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wya11y_submit_uninstall_reasonlite\includes\class-uninstall-feedback.php:51

WordPress Hooks 27

actionadmin_menulegacy\inc\options.php:165

actiontemplate_redirectlegacy\loader.php:347

actionadmin_enqueue_scriptslegacy\loader.php:367

actionadmin_menulite\admin\class-admin.php:81

actionadmin_print_scriptslite\admin\class-admin.php:82

filterscript_loader_taglite\admin\class-admin.php:157

actionrest_api_initlite\admin\modules\settings\api\class-api.php:50

actionrest_api_initlite\admin\modules\statement\api\class-api.php:51

actionwp_enqueue_scriptslite\frontend\class-frontend.php:88

actionwp_enqueue_scriptslite\frontend\class-frontend.php:89

actionwp_enqueue_scriptslite\frontend\class-frontend.php:90

actionwp_headlite\frontend\class-frontend.php:91

filterscript_loader_taglite\frontend\class-frontend.php:186

actioninitlite\frontend\modules\fixes\class-fixes.php:27

filtercomment_form_defaultslite\frontend\modules\fixes\fix\class-comment-search.php:37

filterget_search_formlite\frontend\modules\fixes\fix\class-comment-search.php:41

filterwp_headlite\frontend\modules\fixes\fix\class-focus-outline.php:34

filterlanguage_attributeslite\frontend\modules\fixes\fix\class-lang-dir.php:35

filterwya11y_configlite\frontend\modules\fixes\fix\class-lang-dir.php:36

actionwp_enqueue_scriptslite\frontend\modules\fixes\fix\class-new-window-warning.php:37

actionwp_headlite\frontend\modules\fixes\fix\class-new-window-warning.php:47

actionwp_body_openlite\frontend\modules\fixes\fix\class-skip-link.php:33

filterwya11y_configlite\frontend\modules\fixes\fix\class-under-line-links.php:34

actioninitlite\includes\class-activator.php:63

actionadmin_enqueue_scriptslite\includes\class-base.php:140

actionadmin_enqueue_scriptslite\includes\class-base.php:141

actionadmin_footerlite\includes\class-uninstall-feedback.php:50

Maintenance & Trust

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version5.6

Downloads17K

Community Trust

Rating100/100

Number of ratings4

Active installs1K

Alternatives

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Alternatives

Accessibility by UserWay

userway-accessibility-widget

100

UserWay’s Accessibility Widget creates a simpler and more accessible browsing experience for your users.

80K No CVEs

Accessibility New Window Warnings

accessibility-new-window-warnings

100

Make links that open in a new window compliant with WCAG guidelines for accessibility by adding a warning for users.

1K No CVEs

Accessibility Enabler

accessibility-enabler

100

This plugin increases compliance with WCAG 2.0, ADA , Section 508 without changing your website’s existing code.

300 No CVEs

Accessibility Assistant – Readabler

readabler-assistant

100

Readabler Accessibility Assistant adds AI-powered accessibility features directly to your WordPress site for a better user experience.

200 No CVEs

Accessibility Assistant – EAA ADA WCAG AODA

accessibility-assistant

100

Enhance store inclusivity with Easy Web Accessibility Widget for EAA, ADA, WCAG & AODA compliance

100 No CVEs

Developer Profile

Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance Developer Profile

WebToffee

17 plugins · 377K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

155 days

View full developer profile

Detection Fingerprints

How We Detect Accessibility Tool Kit: WP Accessibility plugin for WCAG, Section 508, ADA, EAA Compliance

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/accessibility-plus/lite/css/a11y-style.css/wp-content/plugins/accessibility-plus/lite/js/a11y.js/wp-content/plugins/accessibility-plus/lite/js/accessibility.js/wp-content/plugins/accessibility-plus/lite/js/accessibility-main.js

Script Paths

/wp-content/plugins/accessibility-plus/lite/js/a11y.js/wp-content/plugins/accessibility-plus/lite/js/accessibility.js/wp-content/plugins/accessibility-plus/lite/js/accessibility-main.js

Version Parameters

accessibility-plus/lite/css/a11y-style.css?ver=accessibility-plus/lite/js/a11y.js?ver=accessibility-plus/lite/js/accessibility.js?ver=accessibility-plus/lite/js/accessibility-main.js?ver=

HTML / DOM Fingerprints

CSS Classes

a11y-skip-link-containera11y-skip-link

HTML Comments

Data Attributes

aria-labeldata-a11y-skip-link

JS Globals

a11y

FAQ