WP-Safety

Accessibility by AllAccessible Security & Risk Analysis

wordpress.org/plugins/allaccessible

Unlock true digital accessibility with AllAccessible - a comprehensive WordPress plugin driving your website towards WCAG/ADA compliance. Empower your users with a fully customizable accessibility widget, and enhance their experience with our premium AI-powered features.

2K active installs v2.0.4 PHP + WP 5.0+ Updated Nov 28, 2025
accessibilityaccessibleadasection-508wcag
97
A · Safe
CVEs total2
Unpatched0
Last CVEJan 3, 2025
Plugin page Download
Safety Verdict

Is Accessibility by AllAccessible Safe to Use in 2026?

Generally Safe

Score 97/100

Accessibility by AllAccessible has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 3, 2025Updated 4mo ago
Risk Assessment

The 'allaccessible' plugin v2.0.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonce checks for all its AJAX handlers and capability checks for most operations. The absence of shortcodes, cron events, and REST API routes, coupled with 0 unprotected entry points, significantly limits the potential attack surface. The plugin also avoids dangerous functions, file operations, and bundled libraries, which are common sources of vulnerabilities. However, a significant concern arises from the static analysis revealing that 100% of its single SQL query does not use prepared statements. While taint analysis did not uncover critical or high-severity issues, the presence of 2 flows with unsanitized paths warrants attention. The plugin's vulnerability history is also a concern, with 2 previously disclosed high-severity vulnerabilities of the types Incorrect Privilege Assignment and Missing Authorization. The fact that these are listed as 'currently unpatched' (despite the 'unpatched' count being 0) and the recentness of the last vulnerability (2025-01-03) suggest a pattern of past security weaknesses that requires ongoing vigilance, even if current version appears to have addressed them. Overall, while the current version seems to have improved in some areas like auth checks, the historical trend and the unaddressed SQL query risk indicate a need for caution.

Key Concerns

  • SQL queries not using prepared statements
  • Flows with unsanitized paths detected
  • Previous high severity vulnerabilities (x2)
Vulnerabilities
2

Accessibility by AllAccessible Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
2

2 total CVEs

CVE-2024-49644high · 8.8Incorrect Privilege Assignment

Accessibility by AllAccessible <= 1.3.4 - Authenticated (Subscriber+) Privilege Escalation

Jan 3, 2025 Patched in 1.3.5 (6d)
CVE-2024-11643high · 8.8Missing Authorization

Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update

Dec 3, 2024 Patched in 1.3.5 (2d)
Code Analysis
Analyzed Mar 16, 2026

Accessibility by AllAccessible Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
34
144 escaped
Nonce Checks
7
Capability Checks
8
File Operations
0
External Requests
6
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

81% escaped178 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
AllAccessible_save_settings (allaccessible.php:99)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Accessibility by AllAccessible Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 7

authwp_ajax_AllAccessible_save_settingsallaccessible.php:127
authwp_ajax_aacb_clear_cacheallaccessible.php:144
authwp_ajax_aacb_reset_plugin_dataallaccessible.php:180
authwp_ajax_aacb_dismiss_setup_noticeinc\DashboardBanner.php:28
authwp_ajax_aacb_deactivation_feedbackinc\DeactivationSurvey.php:29
authwp_ajax_aacb_complete_wizardinc\OnboardingWizard.php:38
authwp_ajax_aacb_skip_wizardinc\OnboardingWizard.php:39
WordPress Hooks 19
actioninitallaccessible.php:71
actionrest_api_initinc\api\RestController.php:42
actionadmin_noticesinc\DashboardBanner.php:27
actionplugins_loadedinc\DashboardBanner.php:112
actionadmin_footerinc\DeactivationSurvey.php:28
actionplugins_loadedinc\DeactivationSurvey.php:324
actionadd_meta_boxesinc\EditorMetaBox.php:37
actionadmin_enqueue_scriptsinc\EditorMetaBox.php:38
actionplugins_loadedinc\EditorMetaBox.php:283
actionadmin_menuinc\OnboardingWizard.php:36
actionadmin_enqueue_scriptsinc\OnboardingWizard.php:37
actionplugins_loadedinc\OnboardingWizard.php:814
actionadmin_menuinc\SettingsPage.php:29
actionadmin_menuinc\SettingsPage.php:30
actionadmin_enqueue_scriptsinc\SettingsPage.php:31
actionplugins_loadedinc\SettingsPage.php:703
actionplugins_loadedinc\VersionManager.php:21
actionwp_headinc\WidgetLoader.php:29
actionplugins_loadedinc\WidgetLoader.php:76
Maintenance & Trust

Accessibility by AllAccessible Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 28, 2025
PHP min version
Downloads21K

Community Trust

Rating100/100
Number of ratings15
Active installs2K
Alternatives

Accessibility by AllAccessible Alternatives

Ada Tray Accessibility Widget

Ada Tray Accessibility Widget

ada-tray-accessibility-widget

A
100

ADA Tray® is a powerful, patent-pending accessibility WordPress WCAG plugin designed to help your WordPress website meet WCAG 2.

50 No CVEs
Accessibility by UserWay

Accessibility by UserWay

userway-accessibility-widget

A
100

UserWay’s Accessibility Widget creates a simpler and more accessible browsing experience for your users.

80K No CVEs
Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors

Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors

accessibility-checker

A
97

Find and fix accessibility issues on your website. Detailed reports, autogenerated accessibility statement and one-click fixes to improve compliance.

10K 3 CVEs
DJ-Accessibility – Accessibility Plugin

DJ-Accessibility – Accessibility Plugin

dj-accessibility

A
100

DJ-Accessibility is a set of tools to help people with disabilities navigate the site.

3K No CVEs
Accessibility Tools & Alt Text Finder

Accessibility Tools & Alt Text Finder

tool-for-ada-section-508-and-seo

A
100

Accessibility Tools Included: Missing Alt text finder, contrast checker, WCAG 3.0 checklist, automated testing software and a ton of free resources.

3K No CVEs
Developer Profile

Accessibility by AllAccessible Developer Profile

AllAccessible

1 plugin · 2K total installs

98
trust score
Avg Security Score
97/100
Avg Patch Time
4 days
View full developer profile
Detection Fingerprints

How We Detect Accessibility by AllAccessible

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/allaccessible/assets/css/allaccessible-widget.css/wp-content/plugins/allaccessible/assets/js/allaccessible-widget.js/wp-content/plugins/allaccessible/assets/css/aacb-admin.css/wp-content/plugins/allaccessible/assets/js/aacb-admin.js/wp-content/plugins/allaccessible/assets/js/aacb-onboarding.js/wp-content/plugins/allaccessible/assets/js/aacb-api-client.js/wp-content/plugins/allaccessible/assets/js/aacb-widget-initializer.js
Script Paths
/wp-content/plugins/allaccessible/assets/js/allaccessible-widget.js/wp-content/plugins/allaccessible/assets/js/aacb-admin.js/wp-content/plugins/allaccessible/assets/js/aacb-onboarding.js/wp-content/plugins/allaccessible/assets/js/aacb-api-client.js/wp-content/plugins/allaccessible/assets/js/aacb-widget-initializer.js
Version Parameters
allaccessible/assets/css/allaccessible-widget.css?ver=allaccessible/assets/js/allaccessible-widget.js?ver=allaccessible/assets/css/aacb-admin.css?ver=allaccessible/assets/js/aacb-admin.js?ver=allaccessible/assets/js/aacb-onboarding.js?ver=allaccessible/assets/js/aacb-api-client.js?ver=allaccessible/assets/js/aacb-widget-initializer.js?ver=

HTML / DOM Fingerprints

CSS Classes
aacb-widget-containeraacb-widget-toggleaacb-editor-meta-boxaacb-upgrade-prompt
HTML Comments
<!-- AllAccessible Editor Meta Box --><!-- End AllAccessible Editor Meta Box --><!-- Start AllAccessible Upgrade Prompt --><!-- End AllAccessible Upgrade Prompt -->+1 more
Data Attributes
data-aacb-account-iddata-aacb-widget-iddata-aacb-widget-options
JS Globals
window.AllAccessibleWidgetwindow.aacbWidgetInitializer
FAQ

Frequently Asked Questions about Accessibility by AllAccessible