CVE-2025-58981

The Accessibility Checker by Equalize Digital plugin for WordPress versions up to and including 1.31.0 contains a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, allowing exploitation of broken access control mechanisms [1].

Attackers can exploit this vulnerability without requiring authentication or elevated privileges, as the plugin fails to properly verify user permissions for certain functions. This makes it possible for unauthenticated or low-privilege users to perform actions that should be restricted to higher-privileged roles [1]. Successful exploitation could allow an attacker to access or modify sensitive settings or data within the plugin, potentially leading to further compromise of the WordPress site. The vulnerability is considered low severity but is known to be used in mass-exploit campaigns targeting thousands of websites [1]. The issue has been addressed in version 1.31.1 of the plugin. Users are strongly advised to update immediately. If updating is not possible, contacting the hosting provider or a web developer for assistance is recommended. Patchstack users can enable auto-updates for vulnerable plugins [1].