CVE-2026-1808 in Orange Confort+ Accessibility Toolbar Plugin

Summary

by MITRE • 02/06/2026

The Orange Confort+ accessibility toolbar for WordPress plugin is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


Analysis

by VulDB Data Team • 02/06/2026

The vulnerability identified as CVE-2026-1808 affects the Orange Confort+ accessibility toolbar WordPress plugin, specifically targeting versions 0.7 and earlier. This represents a critical security flaw that undermines the integrity of WordPress sites using this accessibility tool. The vulnerability manifests through the 'style' parameter within the ocplus_button shortcode, creating a pathway for malicious actors to exploit the plugin's insufficient input validation mechanisms. The flaw exists in the plugin's handling of user-supplied data, where proper sanitization and output escaping procedures are absent or inadequate, allowing attackers to inject malicious scripts that persist within the application's database.

The technical exploitation of this vulnerability requires an authenticated attacker possessing at least Contributor-level privileges within the WordPress environment, which significantly reduces the barrier to successful exploitation. This access level is commonly granted to users who can publish posts, making the attack vector particularly concerning for sites with multiple contributors or less stringent permission controls. The stored cross-site scripting vulnerability operates by allowing the attacker to inject malicious JavaScript code through the vulnerable 'style' parameter, which gets stored in the database and executed whenever users access pages containing the injected content. This persistent nature of the vulnerability means that the malicious code will execute for any user who views the affected pages, potentially leading to widespread compromise.

From an operational impact perspective, this vulnerability creates significant risks for WordPress site administrators and their users. The stored XSS attack can be leveraged to perform various malicious activities including session hijacking, credential theft, defacement of content, and redirection to malicious websites. Attackers can exploit the vulnerability to steal administrative privileges, modify content, or even install malware on affected sites. The impact extends beyond individual user sessions to potentially compromise entire WordPress installations, especially when combined with other vulnerabilities or attack vectors within the same environment. The persistence of the stored script means that even if the initial attack is discovered and patched, the malicious code continues to execute for all affected users until manually removed from the database.

The vulnerability aligns with CWE-79 which defines Cross-Site Scripting as a weakness where untrusted data is sent to a user agent without proper validation or escaping. Additionally, this issue maps to ATT&CK technique T1546.001 which covers modifications to the Windows Registry, though in this context the malicious modifications occur through the web application rather than system-level registry changes. The attack chain typically involves an attacker with Contributor access creating a malicious post or page using the vulnerable shortcode, then waiting for other users to view the content, thereby executing the injected JavaScript code in their browsers. Organizations should immediately implement mitigations including updating to the latest plugin version, reviewing user permissions, and implementing content security policies to limit the potential impact of such attacks. Regular security audits and monitoring of user activities within WordPress environments are essential to detect and respond to similar vulnerabilities before they can be exploited by malicious actors.
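As an added illustration, not the Orange Confort+ plugin's own code, the following shows the shortcode-attribute pattern the advisory describes as a weak handler next to a hardened one. The tag `ocplus_button` and the `style` attribute come from the advisory; the `label` attribute, the function names and the button markup are assumptions.

```php
<?php
// Illustrative example, not the plugin's code. "ocplus_button" and "style"
// are from the advisory; "label", the function names and the markup are
// assumed for the demonstration.

// Weak pattern (for contrast only): the raw attribute value is written
// straight into a style="" attribute. Post content from Contributors is
// run through wp_kses, which strips raw <script> tags, but a shortcode
// attribute that the handler echoes unescaped bypasses that filtering,
// so the stored value can terminate the attribute and add markup.
function ocplus_button_shortcode_weak( $atts ) {
    $atts = shortcode_atts(
        array( 'style' => '', 'label' => 'Accessibility' ),
        $atts,
        'ocplus_button'
    );
    return '<button class="ocplus-button" style="' . $atts['style'] . '">'
        . $atts['label'] . '</button>';
}

// Hardened handler: validate each attribute, then escape it for the exact
// context it is placed in (CSS inside an attribute, text inside an element).
function ocplus_button_shortcode_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'style' => '', 'label' => 'Accessibility' ),
        $atts,
        'ocplus_button'
    );

    // safecss_filter_attr() keeps only CSS declarations whose property is
    // on WordPress's safe_style_css allow-list and whose value passes its
    // checks; anything else is dropped, leaving at most inert CSS.
    $css = safecss_filter_attr( $atts['style'] );

    // esc_attr() encodes quotes and angle brackets, so the remaining value
    // cannot close the attribute or open a new tag.
    $style_attr = ( '' !== $css ) ? ' style="' . esc_attr( $css ) . '"' : '';

    // The visible label is escaped for the HTML body context.
    return '<button class="ocplus-button"' . $style_attr . '>'
        . esc_html( $atts['label'] ) . '</button>';
}

// Register only the hardened handler for the shortcode.
add_shortcode( 'ocplus_button', 'ocplus_button_shortcode_hardened' );
```

Because the stored shortcode text stays in wp_posts, updating the handler is what neutralises already-published content: the same post renders safely once the escaping is in place, which is why the advisory's remediation is to update the plugin rather than only to clean the database.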

Disclosure: 02/06/2026

Moderation: accepted

CPE: ready

EPSS: 0.00015

KEV: no

Activities: very low
