127 matches found
CVE-2026-15104
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
EUVD-2026-42840
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-15104
Summary: CVE-2026-15104 affects the WordPress plugin “BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot” up to version 4.6.0. The vulnerability is a generic SQL Injection via the ‘lang’ parameter, caused by insufficient escaping of user input and lack of proper preparat...
CVE-2026-15104
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-15104 BetterDocs <= 4.6.0 - Authenticated (Custom+) SQL Injection via 'lang' Parameter
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.6.0 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin BetterDocs versions = 4.6.0...
CVE-2026-12729
The CVE concerns the weDocs: AI Powered Knowledge Base WordPress plugin up to version 2.3.0, where the do_migration() function is exposed via the wedocs_migrate_betterdocs_to_wedocs AJAX action without nonce verification (check_ajax_referer) and without a current_user_can capability check. This a...
PT-2026-55440
Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description The plugin contains a missing authorization flaw. The do migration function, registered as the wedocs migrate betterdocs to wedocs AJ...
WordPress BetterDocs Pro plugin <= 3.8.0 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin BetterDocs Pro versions = 3.8.0...
CVE-2026-7515
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
CVE-2026-12157
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-7515 BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
CVE-2026-7515
CVE-2026-7515 affects the WordPress plugin BetterDocs Pro. The vulnerability is a Local File Inclusion via the doc_style parameter in versions up to and including 3.8.0, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypassing access contr...
EUVD-2026-37992
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
EUVD-2026-37982
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-12157
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-12157 BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-12157
CVE-2026-12157 affects the WordPress plugin BetterDocs (Knowledge Base Docs & FAQ Solution for Elementor & Block Editor). Versions up to 4.5.3 are vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block. Root cause: CategorySlate...
VulnCheck KEV: CVE-2026-7515
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
PT-2026-50837
Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...