Max Access – DEPRECATED (new plugin available) Security & Risk Analysis

wordpress.org/plugins/max-access

Version 2.0.0 Requires PHP: ^5.6 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Add front-end WCAG compliant accessibi …

10 active installs · v2.0.0 · PHP 7.4+ · WP 5.7+ · Updated May 15, 2024
Tags: accessibility, accessibility-toolbar, wcag, web-accessibility, wordpress-accessibility
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Max Access – DEPRECATED (new plugin available) Safe to Use in 2026?

Generally Safe

Score 92/100

Max Access – DEPRECATED (new plugin available) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "max-access" v2.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no recorded vulnerabilities. However, the plugin has a significant security concern due to its attack surface. It exposes one AJAX handler without any authentication or capability checks, making it a prime target for unauthorized actions. This lack of protection on a critical entry point is a major weakness.

The taint analysis revealed one flow with an unsanitized path, which is a serious concern even without a critical or high severity rating. This suggests that user-supplied data might be processed in an unsafe manner, potentially leading to vulnerabilities if exploited. The absence of nonce checks on the unprotected AJAX handler further exacerbates this risk, as it facilitates Cross-Site Request Forgery (CSRF) attacks.

While the plugin's vulnerability history is clean, indicating good development practices historically, the current static analysis results highlight immediate and actionable security risks. The combination of an unprotected AJAX endpoint, an unsanitized path flow, and a lack of nonce checks creates a substantial security gap that needs to be addressed to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • Flow with unsanitized path
  • Missing nonce checks on AJAX
  • Output escaping (50% proper)
Vulnerabilities
None known

Max Access – DEPRECATED (new plugin available) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Max Access – DEPRECATED (new plugin available) Release Timeline

v2.0.0 (Current)
v1.0.9
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Max Access – DEPRECATED (new plugin available) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (1 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

50% escaped · 2 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
get_licenses2 (index.php:99)
Attack Surface
1 unprotected

Max Access – DEPRECATED (new plugin available) Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_get_licenses · index.php:97

WordPress Hooks: 4

  • filter · script_loader_tag · index.php:40
  • action · init · index.php:49
  • action · admin_menu · index.php:75
  • action · wp_loaded · index.php:129
Maintenance & Trust

Max Access – DEPRECATED (new plugin available) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 15, 2024
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Max Access – DEPRECATED (new plugin available) Developer Profile

Ability, Inc

3 plugins · 2K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 379 days
Detection Fingerprints

How We Detect Max Access – DEPRECATED (new plugin available)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/max-access/src/admin.js
/wp-content/plugins/max-access/src/style.css
Script Paths
/wp-content/plugins/max-access/src/admin.js

HTML / DOM Fingerprints

JS Globals
ajax_object
oada_ma_license_key
oada_ma_license_url
Shortcode Output
<div id="oada_accessibility_toolbar_admin"></div>
FAQ

Frequently Asked Questions about Max Access – DEPRECATED (new plugin available)