A serious security vulnerability has been identified in the Ally WordPress plugin, affecting over 200,000 websites. This plugin, which provides accessibility enhancements, is susceptible to an exploit that allows attackers to extract sensitive database information.
The flaw, known as CVE-2026-2413, has been assigned a CVSS score of 7.5, indicating its high severity. The issue arises from an SQL injection vulnerability due to inadequate sanitization of URL parameters within the plugin’s code.
Understanding the SQL Injection Flaw
According to security experts at Defiant, the problem lies in the plugin’s failure to correctly sanitize user-supplied URL parameters. This oversight permits the inclusion of SQL metacharacters, such as quotes and parentheses, which can be leveraged to manipulate database queries maliciously.
In particular, the vulnerability impacts the ‘subscribers’ query functionality of the plugin, which does not utilize the WordPress wpdb prepare() function. This function is essential for safely parameterizing SQL queries to prevent injection attacks.
Implications for WordPress Sites
Unauthenticated attackers can exploit this flaw by appending additional SQL queries, leading to data exfiltration through time-based blind SQL injection techniques. Such attacks can result in unauthorized access to sensitive information stored in the website’s database.
WordPress statistics indicate that as of March 11, approximately 60% of Ally plugin installations were running a vulnerable version. With over 400,000 active installations, this means more than 200,000 sites are potentially at risk.
Securing Your Website
To address this critical vulnerability, a patch has been released in Ally version 4.1.0, available since February 23. This update integrates the wpdb prepare() function into the plugin’s sanitization process, thereby enhancing its resistance to SQL injection attacks.
Website administrators are strongly advised to update to the latest version of the Ally plugin immediately to protect their sites from potential compromise. Regular updates and vigilant security practices are essential to maintaining the integrity of WordPress installations.
For additional information on related vulnerabilities and security best practices, consider reviewing resources on similar issues affecting WordPress plugins and the broader cybersecurity landscape.
