WP-Safety

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Security & Risk Analysis

wordpress.org/plugins/codeconfig-accessibility

Accessiy by CodeConfig – One-click setup for WCAG, ADA & EAA compliance with smart, customizable accessibility tools

20 active installs v1.0.4 PHP 7.4+ WP 6.2+ Updated Feb 20, 2026
a11yaccessibilityadawcagweb-accessibility
76
B · Generally Safe
CVEs total2
Unpatched1
Last CVEDec 5, 2025
Plugin page Download
Safety Verdict

Is Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Safe to Use in 2026?

Mostly Safe

Score 76/100

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Dec 5, 2025Updated 1mo ago
Risk Assessment

The code analysis for codeconfig-accessibility v1.0.4 reveals a generally strong security posture with many good practices observed. The plugin exhibits zero AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a minimal attack surface. All observed SQL queries utilize prepared statements, and all output is properly escaped, mitigating common injection and XSS vulnerabilities. The presence of nonce and capability checks further enhances security by verifying user permissions for sensitive operations. However, the static analysis did not identify any taint flows, which could indicate limited complexity or the absence of dynamic analysis.

Despite the positive static analysis findings, the plugin's vulnerability history is a significant concern. The existence of two known Common Vulnerabilities and Exposures (CVEs), with one remaining unpatched, points to a recurring security weakness. Specifically, the common vulnerability type being 'Missing Authorization' is particularly worrying, suggesting that past vulnerabilities may have allowed unauthorized access or actions. While the current version might have addressed some issues, the history indicates a pattern of security flaws that require careful attention and proactive patching.

In conclusion, codeconfig-accessibility v1.0.4 benefits from a clean codebase with robust defenses against common web vulnerabilities like SQL injection and XSS. The limited attack surface is also a positive aspect. Nevertheless, the recurring 'Missing Authorization' vulnerabilities and the presence of an unpatched CVE are serious red flags that necessitate a cautious approach. Users should be aware of this history and prioritize staying updated with any future security patches from the developer.

Key Concerns

  • Unpatched CVE
  • Medium severity CVEs in history
  • Bundled library (Freemius v1.0) may be outdated
Vulnerabilities
2

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-13309medium · 4.3Missing Authorization

Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings

Dec 5, 2025Unpatched
CVE-2025-13358medium · 5.3Missing Authorization

Accessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation

Dec 5, 2025 Patched in 1.0.1 (7d)
Code Analysis
Analyzed Mar 16, 2026

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
12 prepared
Unescaped Output
0
21 escaped
Nonce Checks
5
Capability Checks
3
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared12 total queries

Output Escaping

100% escaped21 total outputs
Attack Surface

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionwp_body_openapp\Display.php:21
actionwp_enqueue_scriptsapp\Display.php:22
actionwp_enqueue_scriptsapp\Display.php:25
actionwp_footerapp\Display.php:26
actionwp_headapp\MouseCustomization.php:16
filterupload_mimescore\functions.php:163
actionadmin_enqueue_scriptscore\functions.php:175
filterwp_prepare_attachment_for_jscore\functions.php:187
filterrocket_rucss_safelistcore\functions.php:191
actionadmin_menuincludes\Admin.php:22
filterupload_mimesincludes\Admin.php:23
filterwp_handle_upload_prefilterincludes\Admin.php:24
filterwp_check_filetype_and_extincludes\Admin.php:25
filterplugin_row_metaincludes\CodeConfig.php:39
actionadmin_enqueue_scriptsincludes\Enqueue.php:23
actionwp_enqueue_scriptsincludes\Enqueue.php:24
actionadmin_menuincludes\Pages\AdminPages.php:11
Maintenance & Trust

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 20, 2026
PHP min version7.4
Downloads576

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Alternatives

Accessibility Enabler

Accessibility Enabler

accessibility-enabler

A
100

This plugin increases compliance with WCAG 2.0, ADA , Section 508 without changing your website’s existing code.

300 No CVEs
Ally – Web Accessibility & Usability

Ally – Web Accessibility & Usability

pojo-accessibility

A
93

Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility stat &hellip;

500K 4 CVEs
Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar

Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar

accessibility-onetap

A
100

OneTap is a multilingual WordPress plugin designed for seamless website accessibility.

40K No CVEs
Web Accessibility by accessiBe

Web Accessibility by accessiBe

accessibe

A
95

Fix accessibility issues & make your site accessible with an AI-powered accessibility service.

10K 5 CVEs
AccessYes Accessibility Widget for ADA, EAA & WCAG Readiness

AccessYes Accessibility Widget for ADA, EAA & WCAG Readiness

accessibility-widget

A
99

Free accessibility widget to support WCAG, ADA & EAA. Includes text resize, high contrast, dyslexia-friendly font, spacing, and more tools.

10K 1 CVE
Developer Profile

Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance Developer Profile

CodeConfig

6 plugins · 720 total installs

97
trust score
Avg Security Score
95/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/codeconfig-accessibility/assets/css/frontend.css/wp-content/plugins/codeconfig-accessibility/assets/js/frontend.js
Script Paths
/wp-content/plugins/codeconfig-accessibility/assets/js/frontend.js
Version Parameters
codeconfig-accessibility/assets/css/frontend.css?ver=codeconfig-accessibility/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
codeconfig-accessibility-skip-link
Data Attributes
data-ccpca-settings
JS Globals
ccpca_get_template
FAQ

Frequently Asked Questions about Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance