Browse all 3 CVE security advisories affecting AccessAlly. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AccessAlly is a WordPress plugin designed for membership sites and online courses, enabling user management and content delivery. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has three CVEs on record, with issues ranging from insufficient input validation to improper access controls. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights the importance of regular updates and security hardening for implementations using this platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-34796 | WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability — PopupAllyCWE-79 | 5.9 | Medium | 2024-06-03 |
| CVE-2024-33639 | WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability — PopupAllyCWE-79 | 5.9 | Medium | 2024-04-26 |
| CVE-2024-23520 | WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability — PopupAllyCWE-862 | 4.3 | Medium | 2024-03-26 |
This page lists every published CVE security advisory associated with AccessAlly. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.