CVE-2025-58976
BaseFortify
Publication date: 2025-09-09
Last updated on: 2026-04-23
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| equalize_digital | accessibility_checker | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the Equalize Digital Accessibility Checker plugin for WordPress, affecting versions up to 1.31.0. It occurs because certain functions lack proper authorization, authentication, or nonce token checks, allowing users with low-level privileges (subscriber-level) to perform actions that should be restricted to higher-privileged roles. This is classified as a broken access control vulnerability. [1]
How can this vulnerability impact me?
The vulnerability allows users with subscriber-level privileges to perform unauthorized actions reserved for higher-privileged roles, potentially leading to unauthorized access or changes within the plugin's functionality. Although the risk is considered low priority and exploitation is unlikely, it could still compromise the integrity of access controls in the system. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the WordPress Accessibility Checker plugin by Equalize Digital to version 1.31.1 or later, as these versions include a fix for the broken access control issue. As an interim measure, you can use Patchstack's virtual patching (vPatching) service, which automatically mitigates the vulnerability even before official patches are applied. Avoid allowing subscriber-level users to perform actions reserved for higher-privileged roles until the update or virtual patch is applied. [1]