jwp-a11y Security & Risk Analysis

wordpress.org/plugins/jwp-a11y

Check the accessibility of WordPress post content while editing.

100 active installs · v5.2.3 · PHP 7.4+ · WP 6.0+ · Updated Mar 8, 2026
accessibility checker jis-x-8341-3 wcag
79
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Nov 12, 2024
Safety Verdict

Is jwp-a11y Safe to Use in 2026?

Mostly Safe

Score 79/100

jwp-a11y is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Nov 12, 2024 · Updated 27d ago
Risk Assessment

The jwp-a11y plugin v5.2.3 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in database interaction, with 100% of SQL queries using prepared statements and a high percentage (96%) of output being properly escaped. The plugin also correctly implements nonce and capability checks for most of its entry points.

However, significant concerns arise from its attack surface. Two AJAX handlers lack authentication checks, presenting a direct path for unauthenticated users to interact with potentially sensitive functionalities. Furthermore, a critical taint flow with an unsanitized path was identified, indicating a potential vulnerability where user-controlled input could be manipulated to achieve unintended consequences. The plugin's vulnerability history, including a recently discovered medium-severity Cross-Site Scripting (XSS) vulnerability, suggests a pattern of potential weaknesses that require ongoing vigilance.

In conclusion, while the plugin has strengths in secure coding practices for SQL and output handling, the presence of unprotected AJAX endpoints and a critical taint flow, coupled with past XSS vulnerabilities, elevates the overall risk. Users should be aware of these potential entry points for exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Critical taint flow with unsanitized path
  • 1 unpatched CVE (medium severity XSS)
  • Large attack surface without auth checks
Vulnerabilities
1

jwp-a11y Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11190 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jwp-a11y <= 4.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 12, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

jwp-a11y Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 5 (107 escaped)
Nonce Checks: 2
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

96% escaped · 112 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
renderEditScreenNotice (includes\class-editor-notices.php:16)
Attack Surface
2 unprotected

jwp-a11y Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_jwp_a11y_notice includes\class-plugin.php:35
auth wp_ajax_jwp_a11y_suppress_notice includes\class-plugin.php:36

Shortcodes 3

[jwp_a11y_results] includes\class-plugin.php:37
[jwp_a11y_doc] includes\class-plugin.php:38
[jwp_a11y_docs] includes\class-plugin.php:39
WordPress Hooks 9
action admin_notices includes\class-plugin.php:22
action save_post includes\class-plugin.php:28
action wp_after_insert_post includes\class-plugin.php:29
action admin_notices includes\class-plugin.php:30
action admin_print_footer_scripts includes\class-plugin.php:31
action admin_enqueue_scripts includes\class-plugin.php:32
action enqueue_block_editor_assets includes\class-plugin.php:33
action wp_enqueue_scripts includes\class-plugin.php:34
action admin_menu includes\class-plugin.php:40
Maintenance & Trust

jwp-a11y Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 8, 2026
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

jwp-a11y Developer Profile

jidaikobo

5 plugins · 210 total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 1109 days
Detection Fingerprints

How We Detect jwp-a11y

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jwp-a11y/assets/css/frontend.css

HTML / DOM Fingerprints

Shortcode Output
[jwp_a11y_results] [jwp_a11y_doc] [jwp_a11y_docs]