CVE-2026-2362 in WP Accessibility Pluginالمعلومات

الملخص

بحسب MITRE • 27/02/2026

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using getAttribute() and unsafely concatenating it into innerHTML and insertAdjacentHTML calls without proper sanitization or escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the "Long Description UI" setting to be enabled and set to "Link to description."

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

27/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-348047

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

3.5 (VulDB)

EPSS

0.00054

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2362
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2362
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2362/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!