Accessibility Suite by Ability, Inc Security & Risk Analysis

wordpress.org/plugins/online-accessibility

Version 4.20 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Donate link: Audit and update your WordPress website for AD …

600 active installs v4.20 PHP + WP + Updated Aug 28, 2025
accessibility · accessibility-checker · ada · wcag · wordpress-accessibility
91
A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is Accessibility Suite by Ability, Inc Safe to Use in 2026?

Generally Safe

Score 91/100

Accessibility Suite by Ability, Inc has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Jun 5, 2025 · Updated 7mo ago
Risk Assessment

The 'online-accessibility' plugin version 4.20 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices with a very high percentage of prepared SQL statements and properly escaped output. The absence of dangerous functions and critical or high severity taint flows is also a good indicator. However, significant concerns arise from the substantial attack surface, particularly the 13 AJAX handlers and 5 REST API routes that lack authentication or permission checks. This creates numerous entry points that could be exploited by unauthenticated users.

The vulnerability history of this plugin is a major red flag. With a total of 7 known CVEs, including 4 high and 3 medium severity vulnerabilities, the plugin has a history of significant security flaws. While there are currently no unpatched vulnerabilities, the recurring nature of issues like Missing Authorization and SQL Injection suggests potential systemic weaknesses in the development process. The recent vulnerability dated 2025-06-05 indicates that new vulnerabilities can still be discovered or introduced.

In conclusion, while the code quality regarding SQL prepared statements and output escaping is commendable, the lack of proper authorization checks on a significant portion of its entry points and its problematic vulnerability history present considerable risks. The plugin needs to prioritize addressing these authorization gaps and demonstrate a more robust security development lifecycle to mitigate the risk of future high-severity vulnerabilities.

Key Concerns

  • 13 AJAX handlers without auth checks
  • 1 REST API route without permission callback
  • Total unprotected entry points: 14
  • 4 known CVEs of high severity
  • 3 known CVEs of medium severity
  • Bundled library: TCPDF
  • 3 flows with unsanitized paths
Vulnerabilities
7

Accessibility Suite by Ability, Inc Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2023: 2 CVEs
2025: 4 CVEs

Severity Breakdown

High: 4
Medium: 3

7 total CVEs

CVE-2025-30636 · medium · 4.3 · Missing Authorization

Accessibility Suite <= 4.19 - Missing Authorization

Jun 5, 2025 · Patched in 4.20 (267d)

CVE-2025-32650 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Accessibility Suite by Online ADA <= 4.18 - Authenticated (Subscriber+) SQL Injection

Apr 9, 2025 · Patched in 4.19 (38d)

CVE-2025-32215 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Accessibility Suite by Online ADA <= 4.18 - Authenticated (Subscriber+) Arbitrary File Upload

Apr 7, 2025 · Patched in 4.19 (40d)

CVE-2025-22698 · medium · 6.3 · Missing Authorization

Accessibility Suite by Ability, Inc <= 4.18 - Missing Authorization

Jan 31, 2025 · Patched in 4.19 (106d)

CVE-2023-45830 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection

Oct 13, 2023 · Patched in 4.13 (378d)

CVE-2022-47420 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection

Apr 19, 2023 · Patched in 4.12 (279d)

WF-c6b395b1-c6fb-4ab9-b446-cba9e32ca65d-online-accessibility · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Accessibility Suite by Online ADA < 2.0.11 - SQL Injection

Feb 13, 2019 · Patched in 2.0.11 (1805d)

Code Analysis
Analyzed Mar 16, 2026

Accessibility Suite by Ability, Inc Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (29 prepared)
Unescaped Output: 2 (210 escaped)
Nonce Checks: 4
Capability Checks: 19
File Operations: 13
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

TCPDF

SQL Query Safety

97% prepared · 30 total queries

Output Escaping

99% escaped · 212 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

10 flows · 3 with unsanitized paths
save_filter (includes\ajax_functions\core.php:294)
Attack Surface
14 unprotected

Accessibility Suite by Ability, Inc Attack Surface

Entry Points: 18
Unprotected: 14

AJAX Handlers 13

auth · wp_ajax__oadaas__get_scan_details · includes\ajax_functions\core.php:9
auth · wp_ajax__oadaas__dismiss_scan · includes\ajax_functions\core.php:101
auth · wp_ajax__oadaas__update_progress_metabox · includes\ajax_functions\core.php:127
auth · wp_ajax__oadaas__save_chunks · includes\ajax_functions\core.php:169
auth · wp_ajax__oadaas__empty_results · includes\ajax_functions\core.php:238
auth · wp_ajax__oadaas__mark_complete · includes\ajax_functions\core.php:270
auth · wp_ajax__oadaas__update_filter_step · includes\ajax_functions\core.php:446
auth · wp_ajax__oadaas__dismiss_free_banner · includes\ajax_functions\core.php:471
auth · wp_ajax__oadaas__get_scan_results · includes\ajax_functions\core.php:517
auth · wp_ajax_oada__regenerate_sitemap · includes\ajax_functions\sitemap.php:4
auth · wp_ajax_oada__save_sitemap · includes\ajax_functions\sitemap.php:39
auth · wp_ajax_oada__parse_upload · includes\ajax_functions\sitemap.php:76
auth · wp_ajax__oadaas__dismiss_notice · includes\install-notice.php:47

REST API Routes 5

POST · /wp-json/accessibility-suite/v1/update-options · includes\classes\Api\Admin.php:16
POST · /wp-json/accessibility-suite/v1/get-options · includes\classes\Api\Admin.php:23
POST · /wp-json/accessibility-suite/v1/check-license · includes\classes\Api\Admin.php:30
POST · /wp-json/accessibility-suite/v1/activate-license · includes\classes\Api\Admin.php:37
GET · /wp-json/ada-plugin/v1/pagecsv · includes\rest_routes\csv-routes.php:9

WordPress Hooks 35

action · rest_api_init · includes\classes\Api\Admin.php:12
action · admin_init · includes\classes\Helper.php:8
action · admin_menu · includes\classes\Menus.php:12
action · admin_notices · includes\classes\Menus.php:13
action · plugins_loaded · includes\classes\Services\Updater.php:15
filter · site_transient_update_plugins · includes\classes\Services\Updater.php:17
action · upgrader_process_complete · includes\classes\Services\Updater.php:19
action · core_upgrade_preamble · includes\classes\Services\Updater.php:21
action · save_post · includes\core-functions.php:67
action · save_post · includes\core-functions.php:112
action · before_delete_post · includes\core-functions.php:297
filter · custom_menu_order · includes\core-functions.php:342
action · admin_menu · includes\core-functions.php:387
action · pre_get_posts · includes\core-functions.php:417
filter · script_loader_tag · includes\enqueue.php:59
action · admin_enqueue_scripts · includes\enqueue.php:106
action · wp_enqueue_scripts · includes\enqueue.php:125
action · admin_enqueue_scripts · includes\enqueue.php:144
action · admin_enqueue_scripts · includes\enqueue.php:147
action · wp_enqueue_scripts · includes\enqueue.php:160
action · admin_notices · includes\install-notice.php:31
action · admin_menu · includes\menu.php:71
action · admin_notices · includes\menu.php:134
action · init · includes\post-type.php:63
action · admin_enqueue_scripts · includes\post-type.php:71
action · add_meta_boxes · includes\post-type.php:152
filter · display_post_states · includes\post-type.php:254
action · save_post · includes\post-type.php:279
action · save_post · includes\post-type.php:281
action · rest_api_init · includes\rest_routes\csv-routes.php:6
action · future_to_draft · includes\schedule.php:58
action · future_to_private · includes\schedule.php:59
action · future_to_publish · includes\schedule.php:60
action · save_post · includes\schedule.php:136
action · admin_init · index.php:164

Maintenance & Trust

Accessibility Suite by Ability, Inc Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 28, 2025
PHP min version
Downloads: 30K

Community Trust

Rating: 78/100
Number of ratings: 8
Active installs: 600
Developer Profile

Accessibility Suite by Ability, Inc Developer Profile

Ability, Inc

2 plugins · 2K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 379 days
Detection Fingerprints

How We Detect Accessibility Suite by Ability, Inc

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/online-accessibility/admin/assets/js/admin.js
/wp-content/plugins/online-accessibility/admin/assets/css/admin.css
/wp-content/plugins/online-accessibility/admin/assets/js/guidelines.js
/wp-content/plugins/online-accessibility/dist/license.min.js
/wp-content/plugins/online-accessibility/dist/license.js
Script Paths
/wp-content/plugins/online-accessibility/admin/assets/js/admin.js
/wp-content/plugins/online-accessibility/admin/assets/js/guidelines.js
/wp-content/plugins/online-accessibility/dist/license.min.js
/wp-content/plugins/online-accessibility/dist/license.js
Version Parameters
online-accessibility/admin/assets/js/admin.js?ver=
online-accessibility/admin/assets/css/admin.css?ver=
online-accessibility/admin/assets/js/guidelines.js?ver=
online-accessibility/dist/license.min.js?ver=
online-accessibility/dist/license.js?ver=

HTML / DOM Fingerprints

JS Globals
ada_plugindata_license
REST Endpoints
/wp-json/wp/v2/users
FAQ

Frequently Asked Questions about Accessibility Suite by Ability, Inc