Description
WordPress Plugin AccessAlly is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process. WordPress Plugin AccessAlly version 3.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.2 or latest
References
Related Vulnerabilities
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Cross-Site Scripting (2.0.8.1)
Moodle Improper Input Validation Vulnerability (CVE-2011-4582)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.22)
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30382)