Lucene search
K

127 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-15104

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.0026EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42840

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-15104

Summary: CVE-2026-15104 affects the WordPress plugin “BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot” up to version 4.6.0. The vulnerability is a generic SQL Injection via the ‘lang’ parameter, caused by insufficient escaping of user input and lack of proper preparat...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15104

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15104 BetterDocs <= 4.6.0 - Authenticated (Custom+) SQL Injection via 'lang' Parameter

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.0026EPSS
Exploits0References5
Patchstack
Patchstack
added 5 days ago4 views

WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.6.0 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin BetterDocs versions = 4.6.0...

6.5CVSS6AI score0.0026EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/03 1:28 a.m.15 views

CVE-2026-12729

The CVE concerns the weDocs: AI Powered Knowledge Base WordPress plugin up to version 2.3.0, where the do_migration() function is exposed via the wedocs_migrate_betterdocs_to_wedocs AJAX action without nonce verification (check_ajax_referer) and without a current_user_can capability check. This a...

4.3CVSS5.6AI score0.00213EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55440

Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description The plugin contains a missing authorization flaw. The do migration function, registered as the wedocs migrate betterdocs to wedocs AJ...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/19 8:4 a.m.13 views

WordPress BetterDocs Pro plugin <= 3.8.0 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin BetterDocs Pro versions = 3.8.0...

9.8CVSS5.8AI score0.00886EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-7515

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS0.00886EPSS
Exploits2References3
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/19 5:33 a.m.38 views

CVE-2026-7515 BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS0.00886EPSS
Exploits2References3
CVE
CVE
added 2026/06/19 5:33 a.m.48 views

CVE-2026-7515

CVE-2026-7515 affects the WordPress plugin BetterDocs Pro. The vulnerability is a Local File Inclusion via the doc_style parameter in versions up to and including 3.8.0, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypassing access contr...

9.8CVSS6.5AI score0.00886EPSS
In wildExploits2References3
EUVD
EUVD
added 2026/06/19 5:33 a.m.12 views

EUVD-2026-37992

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS6.5AI score0.00886EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/19 4:31 a.m.10 views

EUVD-2026-37982

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.5 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.31 views

CVE-2026-12157 BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
CVE
CVE
added 2026/06/19 4:31 a.m.23 views

CVE-2026-12157

CVE-2026-12157 affects the WordPress plugin BetterDocs (Knowledge Base Docs & FAQ Solution for Elementor & Block Editor). Versions up to 4.5.3 are vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block. Root cause: CategorySlate...

6.4CVSS6AI score0.00212EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2026/06/19 12:0 a.m.8 views

VulnCheck KEV: CVE-2026-7515

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS6.5AI score0.00886EPSS
In wildExploits2References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
Rows per page
Query Builder