WordPress WP Docs plugin <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'wpdocsoptionsiconsize' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Docs versions = 2.2.9...

CVE-2026-3878 WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]'

The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocsoptionsiconsize' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2026-3878

The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocsoptionsiconsize' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

EUVD-2023-36374

Malicious code in bioql PyPI...

CVE-2024-12635

The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dirid' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-32106

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

CVE-2025-31417 WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a...

CVE-2024-56288 WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fahad Mahmood WP Docs wp-docs allows Stored XSS.This issue affects WP Docs: from n/a through = 2.2.1...

CVE-2024-56288

CVE-2024-56288 is a Stored XSS in the WP Docs WordPress plugin (Fahad Mahmood). Affected: WP Docs versions up to 2.2.1. Root cause: Improper neutralization of input during web page generation. Impact per sources: cross-site scripting could affect authenticated users; no exploit details provided b...

WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by b4orvn Patchstack Alliance in WordPress Plugin WP Docs versions = 2.2.1...

CVE-2024-12635

The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dirid' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-12635 WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id'

The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dirid' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-12635

CVE-2024-12635 concerns the WP Docs plugin for WordPress. The vulnerability is a time-based SQL Injection via the dir_id parameter in all versions up to and including 2.2.0, caused by insufficient escaping in the user-supplied input and inadequate preparation in the SQL query. It allows authentic...

CVE-2023-30873 WordPress WP Docs plugin <= 1.9.8 - Broken Access Control

Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8...

CVE-2023-32106

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

CVE-2023-32106 WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Docs Type Plugin Vulnerable versions = 1.9.9 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32106 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c7b1d23694a Credits Le Ngoc Anh Required...