WP-Safety

AccessibleWP – Accessibility Toolbar Security & Risk Analysis

wordpress.org/plugins/accessible-poetry

Add a professional accessibility toolbar to your WordPress site and make it easier for users with disabilities.

20K active installs v5.4.0 PHP + WP 4.1+ Updated Oct 3, 2024
a11yaccessibilitysection-508waiwcag
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AccessibleWP – Accessibility Toolbar Safe to Use in 2026?

Generally Safe

Score 92/100

AccessibleWP – Accessibility Toolbar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "accessible-poetry" plugin v5.4.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerability history. The absence of file operations and external HTTP requests also reduces potential attack vectors. However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both lacking any authentication checks. This creates a substantial attack surface where unauthenticated users can trigger plugin functionality, potentially leading to unintended actions or information disclosure. Furthermore, a concerning 46% of output escaping is not properly handled, which could open the door to cross-site scripting (XSS) vulnerabilities if the output is not sanitized from user-controlled data. While the taint analysis shows no immediate critical or high severity flows, the lack of proper escaping on a significant portion of outputs, combined with unauthenticated entry points, presents a considerable risk. The plugin's history of zero vulnerabilities could indicate either robust development or simply a lack of targeted attacks due to its current state. In conclusion, while the plugin avoids common pitfalls like raw SQL and dangerous functions, the critical issues of unauthenticated AJAX handlers and widespread output escaping deficiencies necessitate immediate attention.

Key Concerns

  • Unauthenticated AJAX handlers
  • Significant portion of unescaped output
Vulnerabilities
None known

AccessibleWP – Accessibility Toolbar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AccessibleWP – Accessibility Toolbar Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
59
69 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

54% escaped128 total outputs
Attack Surface
2 unprotected

AccessibleWP – Accessibility Toolbar Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_acwp_toolbar_connect_callbackinc\panel.php:35
noprivwp_ajax_acwp_toolbar_connect_callbackinc\panel.php:38
WordPress Hooks 19
actioninitaccessible-wp-toolbar.php:34
actionwp_enqueue_scriptsinc\assets.php:33
actionadmin_enqueue_scriptsinc\assets.php:53
filterbody_classinc\assets.php:82
filterbody_classinc\assets.php:84
filterbody_classinc\assets.php:86
actionwp_headinc\assets.php:87
filterbody_classinc\body-classes.php:74
actionadmin_enqueue_scriptsinc\notifications.php:12
actionadmin_enqueue_scriptsinc\notifications.php:18
actionwp_enqueue_scriptsinc\notifications.php:29
actionadmin_noticesinc\notifications.php:61
actionadmin_footerinc\notifications.php:90
actionadmin_menuinc\panel.php:73
actionadmin_initinc\panel.php:76
filterwp_headinc\styles.php:106
actionwp_footerinc\toolbar.php:61
actionwp_footerinc\toolbar.php:178
actionwp_footerinc\toolbar.php:195
Maintenance & Trust

AccessibleWP – Accessibility Toolbar Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 3, 2024
PHP min version
Downloads138K

Community Trust

Rating90/100
Number of ratings47
Active installs20K
Alternatives

AccessibleWP – Accessibility Toolbar Alternatives

WP Accessibility Helper (WAH)

WP Accessibility Helper (WAH)

wp-accessibility-helper

A
97

Short Description WP Accessibility Helper helps solve accessibility problems

10K 5 CVEs
Meacodes Accessibility Tools

Meacodes Accessibility Tools

meacodes-accessibility-tools

A
100

This is an accessibility Plugin for people with disabilities to use the web easily.

50 No CVEs
Call Now Accessibility Button

Call Now Accessibility Button

accessibility-help-button

B
84

Add an - INVISIBLE Call Now Button - that allows only screen readers to know it's there. This allows a disabled user having issues accessing a pa …

10 2 CVEs
Ally – Web Accessibility & Usability

Ally – Web Accessibility & Usability

pojo-accessibility

A
93

Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility stat …

500K 4 CVEs
Accessibility by UserWay

Accessibility by UserWay

userway-accessibility-widget

A
100

UserWay’s Accessibility Widget creates a simpler and more accessible browsing experience for your users.

80K No CVEs
Developer Profile

AccessibleWP – Accessibility Toolbar Developer Profile

UserWay

2 plugins · 100K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AccessibleWP – Accessibility Toolbar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accessible-poetry/assets/css/main.css/wp-content/plugins/accessible-poetry/assets/js/toolbar.js/wp-content/plugins/accessible-poetry/assets/js/admin.js/wp-content/plugins/accessible-poetry/assets/css/admin.css
Script Paths
/wp-content/plugins/accessible-poetry/assets/js/toolbar.js/wp-content/plugins/accessible-poetry/assets/js/admin.js/wp-content/plugins/accessible-poetry/inc/api-script.js/wp-content/plugins/accessible-poetry/inc/frontend.js
Version Parameters
accessible-poetry/assets/js/toolbar.js?ver=accessible-poetry/assets/css/main.css?ver=accessible-poetry/assets/js/admin.js?ver=accessible-poetry/assets/css/admin.css?ver=accessible-poetry/inc/api-script.js?ver=accessible-poetry/inc/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
acwp-readable-tahomaacwp-readable-arialacwp-readable-customacwp-readable
HTML Comments
<!-- Live preview of the changes --><!-- Placeholder for the banner logo --><!-- Dismissible notice -->
Data Attributes
data-fontsizer_customtagsdata-fontsize_excludetagsdata-fontsizer_maxdata-fontsizer_mindata-fontsizer_nolineheightdata-hide_fontsize+4 more
JS Globals
acwp_attrAccessibleWPData
FAQ

Frequently Asked Questions about AccessibleWP – Accessibility Toolbar