WP-Safety

Web Accessibility with Max Access Security & Risk Analysis

wordpress.org/plugins/accessibility-toolbar

The ultimate web accessibility plugin. Leverages AI to scan your site, fix website code, and improve SEO. Includes the web accessibility toolbar.

900 active installs v2.1.0 PHP 7.4+ WP 5.7+ Updated Aug 28, 2025
accessibilityaccessibility-complianceaccessibility-toolbarwcagwordpress-accessibility
76
B · Generally Safe
CVEs total2
Unpatched1
Last CVEJan 9, 2026
Download
Safety Verdict

Is Web Accessibility with Max Access Safe to Use in 2026?

Mostly Safe

Score 76/100

Web Accessibility with Max Access is generally safe to use. 2 past CVEs were resolved.

2 known CVEs 1 unpatched Last CVE: Jan 9, 2026Updated 8mo ago
Risk Assessment

The accessibility-toolbar plugin version 2.1.0 exhibits a mixed security posture. On the positive side, the static analysis reveals a small attack surface with no identified unprotected entry points. The plugin diligently uses prepared statements for all SQL queries and implements nonce and capability checks, indicating good security practices in these areas. However, concerns arise from the vulnerability history, which shows two known medium-severity vulnerabilities, one of which remains unpatched. The types of past vulnerabilities, including Cross-Site Scripting and Cross-Site Request Forgery, are serious and warrant attention.

While the current static analysis did not uncover any critical taint flows or unsanitized paths, and most output is properly escaped, the presence of unpatched vulnerabilities is a significant risk. The fact that these past vulnerabilities were of medium severity suggests potential for attackers to exploit flaws. The external HTTP requests, while not flagged as problematic in the static analysis, could become a vector if the external services are compromised or if the plugin mishandles the responses. The low number of overall entry points is a strength, but the unpatched vulnerability history overshadows this, suggesting a need for more robust security development and maintenance practices.

Key Concerns

  • Unpatched medium severity CVE
  • Past vulnerabilities indicate XSS and CSRF risks
  • 2 external HTTP requests
  • 1 out of 5 outputs not properly escaped
Vulnerabilities
2 published

Web Accessibility with Max Access Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-24629medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Web Accessibility with Max Access <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 9, 2026Unpatched
CVE-2025-47681medium · 4.3Cross-Site Request Forgery (CSRF)

Web Accessibility with Max Access <= 2.0.9 - Cross-Site Request Forgery

May 7, 2025 Patched in 2.1.0 (115d)
Version History

Web Accessibility with Max Access Release Timeline

v2.1.0Current1 CVE
CVE-2026-24629
v2.0.92 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.82 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.72 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.62 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.52 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.42 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.32 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.3.02 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.22 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.12 CVEs
CVE-2026-24629 CVE-2025-47681
v2.0.02 CVEs
CVE-2026-24629 CVE-2025-47681
v1.40.22 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.62 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.52 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.42 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.32 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.22 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.12 CVEs
CVE-2026-24629 CVE-2025-47681
v1.4.02 CVEs
CVE-2026-24629 CVE-2025-47681
Code Analysis
Analyzed Mar 16, 2026

Web Accessibility with Max Access Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
4 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

80% escaped5 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
get_licenses (index.php:194)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Web Accessibility with Max Access Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_get_licensesindex.php:192
WordPress Hooks 6
actionadmin_enqueue_scriptsindex.php:45
filterscript_loader_tagindex.php:49
actioninitindex.php:59
filterplugin_row_metaindex.php:85
actionadmin_menuindex.php:102
actionwp_loadedindex.php:234
Maintenance & Trust

Web Accessibility with Max Access Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 28, 2025
PHP min version7.4
Downloads33K

Community Trust

Rating86/100
Number of ratings6
Active installs900
Alternatives

Web Accessibility with Max Access Alternatives

Max Access – DEPRECATED (new plugin available)

Max Access – DEPRECATED (new plugin available)

max-access

A
85

Version 2.0.0 Requires PHP: ^5.6 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Add front-end WCAG compliant accessibi &hellip;

10 No CVEs
Web Accessibility by accessiBe

Web Accessibility by accessiBe

accessibe

A
95

Fix accessibility issues & make your site accessible with an AI-powered accessibility service.

10K 5 CVEs
Accessibility Suite by Ability, Inc

Accessibility Suite by Ability, Inc

online-accessibility

C
60

Version 4.20 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Donate link: Audit and update your WordPress website for AD &hellip;

600 1 unpatched
Accessibility Enabler

Accessibility Enabler

accessibility-enabler

A
100

This plugin increases compliance with WCAG 2.0, ADA , Section 508 without changing your website’s existing code.

300 No CVEs
Ally – Web Accessibility & Usability

Ally – Web Accessibility & Usability

pojo-accessibility

A
93

Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility stat &hellip;

500K 4 CVEs
Developer Profile

Web Accessibility with Max Access Developer Profile

Ability, Inc

3 plugins · 2K total installs

61
trust score
Avg Security Score
74/100
Avg Patch Time
379 days
View full developer profile
Detection Fingerprints

How We Detect Web Accessibility with Max Access

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accessibility-toolbar/src/admin.js/wp-content/plugins/accessibility-toolbar/src/style.css
Version Parameters
accessibility-toolbar/src/admin.js?ver=accessibility-toolbar/src/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
oada_accessibility_toolbar_admin
Data Attributes
type="module"
JS Globals
ajax_objectoada_ma_license_keyoada_ma_license_url
FAQ

Frequently Asked Questions about Web Accessibility with Max Access