SOGO Accessibility Security & Risk Analysis

wordpress.org/plugins/sogo-accessibility

This plugin adds an accessibility menu to a WordPress site, enabling black and white, contrasts, font size increase and more...

5K active installs v2.1 PHP + WP 3.0.1+ Updated Dec 15, 2019
accessibility
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SOGO Accessibility Safe to Use in 2026?

Generally Safe

Score 85/100

SOGO Accessibility has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The sogo-accessibility plugin v2.1 exhibits a mixed security posture. On the positive side, it demonstrates strong practices by not utilizing dangerous functions, having no raw SQL queries, and refraining from file operations or bundled libraries. The absence of recorded vulnerabilities in its history is also a good indicator. However, significant concerns arise from its attack surface and the handling of entry points.

The plugin has a single AJAX handler, and critically, this handler lacks any authentication or capability checks. This represents a direct and unprotected entry point into the plugin's functionality, making it a prime target for malicious actors. While taint analysis shows no identified flows, the lack of input validation and authorization on the AJAX endpoint means that any data passed to it could potentially be processed in an unsafe manner, even if specific exploit chains weren't automatically detected by the tools. The moderate rate of properly escaped output also suggests a potential for cross-site scripting (XSS) vulnerabilities if the unauthenticated AJAX handler is used to process user-supplied data that is then displayed elsewhere without adequate sanitization.

In conclusion, while the plugin's development appears to avoid common pitfalls like raw SQL and dangerous functions, the unprotected AJAX endpoint is a major security weakness. The lack of vulnerability history is encouraging but does not negate the immediate risk posed by this unauthenticated entry point. Developers should prioritize implementing proper authorization and input validation for all AJAX handlers to strengthen the plugin's security.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handler
  • No capability checks on AJAX handler
Vulnerabilities
None known

SOGO Accessibility Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SOGO Accessibility Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

SOGO Accessibility Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (37 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

56% escaped · 66 total outputs
Attack Surface
1 unprotected

SOGO Accessibility Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_check_license · includes\class-sogo_accessibility.php:180

WordPress Hooks: 14

filter · sogo_accessibility_settings_sanitize_text · admin\settings\class-sanitization-helper.php:45
filter · sogo_accessibility_settings_sanitize_email · admin\settings\class-sanitization-helper.php:46
filter · sogo_accessibility_settings_sanitize_checkbox · admin\settings\class-sanitization-helper.php:47
filter · sogo_accessibility_settings_sanitize_url · admin\settings\class-sanitization-helper.php:48
action · admin_enqueue_scripts · includes\class-sogo_accessibility.php:165
action · admin_enqueue_scripts · includes\class-sogo_accessibility.php:166
action · admin_menu · includes\class-sogo_accessibility.php:168
action · admin_init · includes\class-sogo_accessibility.php:178
action · admin_init · includes\class-sogo_accessibility.php:179
action · acc_close · includes\class-sogo_accessibility.php:201
action · wp_enqueue_scripts · includes\class-sogo_accessibility.php:202
action · wp_enqueue_scripts · includes\class-sogo_accessibility.php:203
action · wp_footer · includes\class-sogo_accessibility.php:204
filter · wp_nav_menu_args · public\class-sogo_accessibility-public.php:55
Maintenance & Trust

SOGO Accessibility Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Dec 15, 2019
PHP min version
Downloads: 38K

Community Trust

Rating: 82/100
Number of ratings: 8
Active installs: 5K
Developer Profile

SOGO Accessibility Developer Profile

SOGO

4 plugins · 25K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SOGO Accessibility

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sogo-accessibility/css/admin.css
/wp-content/plugins/sogo-accessibility/js/admin.js
Script Paths
/wp-content/plugins/sogo-accessibility/js/admin.js
Version Parameters
sogo-accessibility/css/admin.css?ver=
sogo-accessibility/js/admin.js?ver=

HTML / DOM Fingerprints
