{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:12:49.776","vulnerabilities":[{"cve":{"id":"CVE-2026-2413","sourceIdentifier":"security@wordfence.com","published":"2026-03-11T05:18:01.063","lastModified":"2026-04-22T21:27:27.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account."},{"lang":"es","value":"El plugin Ally – Web Accessibility &amp; Usability para WordPress es vulnerable a inyección SQL a través de la ruta URL en todas las versiones hasta la 4.0.3, inclusive. Esto se debe a un escape insuficiente en el parámetro URL proporcionado por el usuario en el método `get_global_remediations()`, donde se concatena directamente en una cláusula SQL JOIN sin una sanitización adecuada para el contexto SQL. Si bien se aplica `esc_url_raw()` para la seguridad de la URL, no evita que se inyecten metacaracteres SQL (comillas simples, paréntesis). Esto hace posible que atacantes no autenticados añadan consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer información sensible de la base de datos a través de técnicas de inyección SQL ciega basada en tiempo. El módulo de remediación debe estar activo, lo que requiere que el plugin esté conectado a una cuenta de Elementor."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/pojo-accessibility/tags/4.0.3/modules/remediation/classes/utils.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/pojo-accessibility/tags/4.0.3/modules/remediation/database/remediation-entry.php#L215","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3467513/pojo-accessibility/trunk/modules/remediation/database/remediation-entry.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/00e070b7-bdf6-4a80-a3ee-628243f1cc25?source=cve","source":"security@wordfence.com"}]}}]}