132 matches found
CVE-2024-30226 WordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3...
WordPress Plugin BetterDocs 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...
WordPress BetterDocs Plugin <= 3.4.2 is vulnerable to Cross Site Scripting (XSS)
Software BetterDocs Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2845 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d1612a5ce1f1 Credits Krzysztof Zając Required...
BetterDocs < 2.5.3 - Missing Authorization via AJAX actions
Description The BetterDocs plugin for WordPress is vulnerable to unauthorized document modification due to a missing capability check on several AJAX functions in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WordPress BetterDocs Plugin <= 2.5.2 is vulnerable to Broken Access Control
Software BetterDocs Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47762 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a29f1668c541 Credits Abdi Pranata Required...
BetterDocs < 1.9.0 - Reflected Cross-Site Scripting
The plugin does not escape the tagID before outputting it back in the edit category page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/term.php?taxonomy=doccategoryID=147"...
WordPress BetterDocs plugin <= 1.9.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress BetterDocs plugin versions = 1.9.1. Solution Update the WordPress BetterDocs plugin to the latest available version at least 1.9.2...
BetterDocs < 1.9.0 - Reflected Cross-Site Scripting
The plugin does not escape the tagID before outputting it back in the edit category page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/term.php?taxonomy=doccategory&tagID=147"alert/XSS/...
BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting
The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=betterdocs-adminrange="...
BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting
The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=betterdocs-admin&daterange="alert/XSS/...
WordPress BetterDocs plugin <= 1.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress BetterDocs plugin versions = 1.8.4. Solution Update the WordPress BetterDocs plugin to the latest available version at least 1.9.0...