VYPR

AccessAlly

by WordPress

CVEs (2)

  • CVE-2020-36875CriJan 9, 2026
    risk 0.60cvss epss 0.01

    AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of…

  • CVE-2021-24226Apr 12, 2021
    risk 0.02cvss epss 0.05

    In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing…