WP-Safety

Accessibly – WordPress Website Accessibility Security & Risk Analysis

wordpress.org/plugins/otm-accessibly

Accessibly app is a WordPress accessibility plugin that will help your website become accessible to even more of your site visitors.

400 active installs v3.0.3 PHP 7.0+ WP 5.5+ Updated Nov 26, 2024
accessibilityaccessibleadawcagweb-accessibility
67
C · Use Caution
CVEs total1
Unpatched1
Last CVEApr 14, 2026
Plugin page Download
Safety Verdict

Is Accessibly – WordPress Website Accessibility Safe to Use in 2026?

Use With Caution

Score 67/100

Accessibly – WordPress Website Accessibility has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 14, 2026Updated 1yr ago
Risk Assessment

The otm-accessibly v3.0.3 plugin exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the code adheres to secure coding practices with 100% of SQL queries utilizing prepared statements and all output being properly escaped. The presence of Guzzle as a bundled library is noted, but without information on its version, its security implications cannot be definitively assessed. The lack of any recorded vulnerabilities, including CVEs, further contributes to its perceived safety.

However, the analysis does reveal a notable lack of security checks. Specifically, there are no nonce checks and no capability checks. While the limited attack surface might mitigate the immediate risk, the absence of these fundamental security mechanisms on any potential future entry points or internal functions could become a significant concern if the plugin's functionality or entry points were to expand. This reliance on the absence of vulnerabilities rather than robust preventative measures is a weakness. The vulnerability history is a strength, indicating a historically secure plugin, but it doesn't negate the importance of implementing basic security checks.

In conclusion, otm-accessibly v3.0.3 appears to be a secure plugin due to its minimal attack surface and adherence to safe coding practices in its current implementation. The absence of known vulnerabilities is a positive indicator. Nevertheless, the lack of nonce and capability checks presents a latent risk. If the plugin were to be expanded or its usage context changed, these missing checks could expose it to vulnerabilities. It is recommended to consider implementing these basic security measures to further harden the plugin against potential future threats.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • Bundled library (Guzzle) version unknown
Vulnerabilities
1 published

Accessibly – WordPress Website Accessibility Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-3643high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API

Apr 14, 2026Unpatched
Version History

Accessibly – WordPress Website Accessibility Release Timeline

v3.0.3Current1 CVE
CVE-2026-3643
v3.0.21 CVE
CVE-2026-3643
v2.7.71 CVE
CVE-2026-3643
v2.7.61 CVE
CVE-2026-3643
v2.7.11 CVE
CVE-2026-3643
v2.01 CVE
CVE-2026-3643
Code Analysis
Analyzed Mar 16, 2026

Accessibly – WordPress Website Accessibility Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
12 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Guzzle

Output Escaping

100% escaped12 total outputs
Attack Surface

Accessibly – WordPress Website Accessibility Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 19
actionwp_enqueue_scriptspublic\AccessiblyApp.php:19
actionadmin_initpublic\admin\AdminApp.php:16
actionadmin_enqueue_scriptspublic\admin\AdminApp.php:17
actionadmin_menupublic\admin\AdminApp.php:18
actionotm_ac_redirectpublic\admin\AdminApp.php:20
actionotm_ac_activatepublic\admin\AdminApp.php:21
actionrest_api_initpublic\ApiLoader.php:7
actionwp_enqueue_scriptstrunk\public\AccessiblyApp.php:19
actionadmin_inittrunk\public\admin\AdminApp.php:16
actionadmin_enqueue_scriptstrunk\public\admin\AdminApp.php:17
actionadmin_menutrunk\public\admin\AdminApp.php:18
actionotm_ac_redirecttrunk\public\admin\AdminApp.php:20
actionotm_ac_activatetrunk\public\admin\AdminApp.php:21
actionadmin_inittrunk\public\admin_deprecated\AdminApp.php:16
actionadmin_enqueue_scriptstrunk\public\admin_deprecated\AdminApp.php:17
actionadmin_menutrunk\public\admin_deprecated\AdminApp.php:18
actionotm_ac_redirecttrunk\public\admin_deprecated\AdminApp.php:20
actionotm_ac_activatetrunk\public\admin_deprecated\AdminApp.php:21
actionrest_api_inittrunk\public\ApiLoader.php:7
Maintenance & Trust

Accessibly – WordPress Website Accessibility Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 26, 2024
PHP min version7.0
Downloads12K

Community Trust

Rating90/100
Number of ratings8
Active installs400
Alternatives

Accessibly – WordPress Website Accessibility Alternatives

BreakoutADA Website Accessibility

BreakoutADA Website Accessibility

breakoutada

A
100

Website ADA Accessibility Plugin

10 No CVEs
Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar

Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar

accessibility-onetap

A
100

OneTap is a multilingual WordPress plugin designed for seamless website accessibility.

40K No CVEs
Web Accessibility by accessiBe

Web Accessibility by accessiBe

accessibe

A
95

Fix accessibility issues & make your site accessible with an AI-powered accessibility service.

10K 5 CVEs
AccessYes Accessibility Widget for ADA, EAA & WCAG Readiness

AccessYes Accessibility Widget for ADA, EAA & WCAG Readiness

accessibility-widget

A
100

Free WordPress accessibility widget to improve accessibility for your website visitors. Supports efforts towards meeting WCAG, ADA & EAA requirements.

10K 1 CVE
Accessibility Tools & Alt Text Finder

Accessibility Tools & Alt Text Finder

tool-for-ada-section-508-and-seo

A
100

Accessibility Tools Included: Missing Alt text finder, contrast checker, WCAG 3.0 checklist, automated testing software and a ton of free resources.

3K No CVEs
Developer Profile

Accessibly – WordPress Website Accessibility Developer Profile

On The Map Marketing

1 plugin · 400 total installs

71
trust score
Avg Security Score
67/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Accessibly – WordPress Website Accessibility

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/otm-accessibly/frontend/build/js/runtime.js/wp-content/plugins/otm-accessibly/frontend/build/js/app.js/wp-content/plugins/otm-accessibly/frontend/build/css/app.css/wp-content/plugins/otm-accessibly/public/assets/images/
Script Paths
/wp-content/plugins/otm-accessibly/frontend/build/js/runtime.js/wp-content/plugins/otm-accessibly/frontend/build/js/app.js
Version Parameters
otm-accessibly/frontend/build/js/runtime.js?ver=otm-accessibly/frontend/build/js/app.js?ver=otm-accessibly/frontend/build/css/app.css?ver=accessibly-app?ver=

HTML / DOM Fingerprints

CSS Classes
accessibly-app
Data Attributes
data-accessibly-app
JS Globals
accessiblyConfig
FAQ

Frequently Asked Questions about Accessibly – WordPress Website Accessibility