CVE-2025-58981: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-58981) was discovered in Equalize Digital Accessibility Checker affecting versions through 1.31.0. The vulnerability was disclosed on September 9, 2025, and was identified by Certus Cybersecurity. This security issue affects the WordPress plugin's access control implementation (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that allows exploiting incorrectly configured access control security levels. It received a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The attack vector is network-based, requires low privileges, and no user interaction (Patchstack).

The vulnerability could allow an unprivileged user to execute certain higher privileged actions due to broken access control implementation. The impact affects both confidentiality and integrity with low severity, while availability is not impacted (Patchstack).

The vulnerability has been patched in version 1.31.1 of the Accessibility Checker plugin. Users are advised to update to version 1.31.1 or later to remediate the security issue (Patchstack).