VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Aug 28, 2024

WP Accessibility Helper (WAH) Vulnerabilities

Review known vulnerability records for the WordPress plugin WP Accessibility Helper (WAH) (`wp-accessibility-helper`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-5987, CVE-2024-37926 and CVE-2024-31423, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
0
Patch Coverage
100%
Last Updated
Aug 29, 2024
Priority CVE Quick Links

Fast paths into WP Accessibility Helper (WAH) CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2022-0150 Medium 0.6.0.7
CVE-2022-0150 WP Accessibility Helper (WAH) Cross-Site Scripting

WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi

CVE-2024-5987 Medium 0.6.2.9
CVE-2024-5987 WP Accessibility Helper (WAH) Vulnerability

WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

CVE-2024-37926 Medium 0.6.3
CVE-2024-37926 WP Accessibility Helper (WAH) Vulnerability

WP Accessibility Helper (WAH) <= 0.6.2.9 - Missing Authorization

CVE-2024-31423 Medium 0.6.2.6
CVE-2024-31423 WP Accessibility Helper (WAH) Vulnerability

WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization

CVE-2023-41869 Medium 0.6.2.5
CVE-2023-41869 WP Accessibility Helper (WAH) Vulnerability

WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Accessibility Helper (WAH) so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-5987, CVE-2024-37926 and CVE-2024-31423
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WP Accessibility Helper (WAH)

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-5987
CVE-2024-5987: WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes i...

Published
Aug 28, 2024
Patched Release
0.6.2.9
Affected Versions
Versions up to 0.6.2.8
Next Step
Update to 0.6.2.9 or newer if supported.
Open CVE-2024-5987 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37926
CVE-2024-37926: WP Accessibility Helper (WAH) <= 0.6.2.9 - Missing Authorization

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wah_update_image_alt() function in all versions up to, and including, 0.6.2.9. This makes it possible for unauthenticated attackers to update image...

Published
Jul 09, 2024
Patched Release
0.6.3
Affected Versions
Versions up to 0.6.2.9
Next Step
Update to 0.6.3 or newer if supported.
Open CVE-2024-37926 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-31423
CVE-2024-31423: WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_attachment_alt() function in versions up to, and including, 0.6.2.5. This makes it possible for authenticated attackers, with...

Published
Apr 10, 2024
Patched Release
0.6.2.6
Affected Versions
Versions up to 0.6.2.5
Next Step
Update to 0.6.2.6 or newer if supported.
Open CVE-2024-31423 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-41869
CVE-2023-41869: WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the wah_update_attachment_title function in versions up to, and including, 0.6.2.4. This makes it possible for authenticated attackers, wi...

Published
Sep 05, 2023
Patched Release
0.6.2.5
Affected Versions
Versions up to 0.6.2.4
Next Step
Update to 0.6.2.5 or newer if supported.
Open CVE-2023-41869 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-0150
CVE-2022-0150: WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi

The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue

Published
Jun 20, 2022
Patched Release
0.6.0.7
Affected Versions
Versions before 0.6.0.7
Next Step
Update to 0.6.0.7 or newer if supported.
Open CVE-2022-0150 Report Open CVE Reference