VYPR

ally

by WordPress

CVEs (1)

  • CVE-2025-10700MedOct 16, 2025
    risk 0.21cvss 4.3epss 0.00

    The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enable_unfiltered_files_upload function. This makes it possible…