Sa11y, the accessibility quality assurance assistant | Accessibility Checker Security & Risk Analysis

wordpress.org/plugins/sa11y

Geared towards content authors, Sa11y straightforwardly identifies accessibility issues at the source.

300 active installs v1.2.7 PHP 7.2+ WP 5.6+ Updated Dec 18, 2025

accessibilityaccessibility-automated-testingaccessibility-checkerauditwcag

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Sa11y, the accessibility quality assurance assistant | Accessibility Checker Safe to Use in 2026?

Generally Safe

Score 100/100

Sa11y, the accessibility quality assurance assistant | Accessibility Checker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "sa11y" plugin v1.2.7 exhibits a strong security posture based on the provided static analysis. The complete absence of known CVEs and a clean vulnerability history suggest a well-maintained and secure plugin. The code analysis reveals excellent practices in output escaping, with 99% of outputs properly handled, and a significant number of capability checks and a nonce check, which are crucial for preventing unauthorized access and actions. The lack of file operations and external HTTP requests further reduces potential attack vectors.

However, a notable concern is the presence of SQL queries that are not using prepared statements. With 2 total SQL queries and 0% using prepared statements, this represents a significant risk of SQL injection vulnerabilities. While the taint analysis reported no unsanitized paths, the absence of prepared statements in any SQL query is a direct indicator of potential insecurity that could be exploited if input is not meticulously sanitized before reaching the database.

In conclusion, while the plugin demonstrates strengths in many areas of security, particularly in output escaping and overall lack of historical vulnerabilities, the handling of SQL queries is a critical weakness. Addressing the non-prepared SQL queries should be the immediate priority to mitigate the risk of SQL injection.

Key Concerns

SQL queries not using prepared statements

Vulnerabilities

None known

Sa11y, the accessibility quality assurance assistant | Accessibility Checker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Sa11y, the accessibility quality assurance assistant | Accessibility Checker Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

229 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

99% escaped231 total outputs

Attack Surface

Sa11y, the accessibility quality assurance assistant | Accessibility Checker Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actionadmin_menuadmin\admin.php:25

actionadmin_initadmin\admin.php:46

actionadmin_initadmin\admin.php:283

actionnetwork_admin_menuadmin\network-admin.php:35

actionnetwork_admin_menuadmin\network-admin.php:329

actionnetwork_admin_edit_sa11y_update_network_optionsadmin\network-admin.php:680

actionwp_headincludes\functions.php:132

actionwp_enqueue_scriptsincludes\functions.php:198

actionwp_footerincludes\functions.php:440

actionadmin_enqueue_scriptsincludes\functions.php:445

actionnetwork_admin_enqueue_scriptsincludes\functions.php:446

actionadmin_footerincludes\functions.php:454

actionplugins_loadedsa11y-wp.php:137

actioninitsa11y-wp.php:141

actionplugins_loadedsa11y-wp.php:143

actionplugins_loadedsa11y-wp.php:147

actionplugins_loadedsa11y-wp.php:150

Maintenance & Trust

Sa11y, the accessibility quality assurance assistant | Accessibility Checker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 18, 2025

PHP min version7.2

Downloads15K

Community Trust

Rating100/100

Number of ratings1

Active installs300

Alternatives

Sa11y, the accessibility quality assurance assistant | Accessibility Checker Alternatives

Accessibility Suite by Ability, Inc

online-accessibility

Version 4.20 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Donate link: Audit and update your WordPress website for AD …

600 7 CVEs

Web Accessibility Toolkit – ARIA Labels & Roles for WCAG & ADA Compliance

aria-accessibility-toolkit

100

Add ARIA labels, roles, alt tags, contrast & form accessibility fixes. Accessibility checker scans your site for WCAG & ADA compliance & fixes issues.

300 No CVEs

XCompliant – Accessibility Scan & Audit

xcompliant

100

XCompliant is an accessibility scanning and audit plugin designed to help WordPress site owners identify common accessibility issues and improve usabi …

300 No CVEs

WebTechee AccessScan

accessibility-site-scanner

100

Run automated accessibility scans to detect common accessibility issues on your WordPress site.

0 No CVEs

Wally Monitor

wally-monitor

100

Complete accessibility auditing tool for WordPress. Scan your entire site for WCAG 2.1 compliance issues and improve SEO rankings.

0 No CVEs

Developer Profile

Sa11y, the accessibility quality assurance assistant | Accessibility Checker Developer Profile

Adam Chaboryk

1 plugin · 300 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Sa11y, the accessibility quality assurance assistant | Accessibility Checker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sa11y/assets/css/sa11y-wp-admin.css

Version Parameters

sa11y/style.css?ver=sa11y-wp/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

sa11y-wrapper

Data Attributes

data-sa11y-targetdata-sa11y-message

JS Globals

sa11y

FAQ