Lucene search
K

35 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-15104

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.0026EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42840

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/19 4:31 a.m.10 views

EUVD-2026-37982

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.5 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.31 views

CVE-2026-12157 BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-3875

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.7AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6393

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...

4.3CVSS5.5AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

WordPress Plugin BetterDocs 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 4:16 a.m.7 views

CVE-2026-6393

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...

4.3CVSS0.0027EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/24 3:27 a.m.7 views

EUVD-2026-25394

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...

4.3CVSS5.7AI score0.0027EPSS
Exploits0References6
CVE
CVE
added 2026/04/24 3:27 a.m.20 views

CVE-2026-6393

The CVE concerns the WordPress plugin BetterDocs (versions up to and including 4.3.11). The vulnerability lies in the function generate_openai_content_callback() , which lacks proper permission checks and relies on a nonce, allowing authenticated attackers with subscriber-level access or higher t...

4.3CVSS5.7AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/24 3:27 a.m.31 views

CVE-2026-6393 BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...

4.3CVSS0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:27 a.m.4 views

CVE-2026-6393

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...

4.3CVSS5.7AI score0.0027EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

WordPress plugin BetterDocs 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 9:31 a.m.6 views

EUVD-2026-23209

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 7:16 a.m.7 views

CVE-2026-3875

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 6:44 a.m.11 views

CVE-2026-3875

The BetterDocs WordPress plugin is vulnerable to Stored Cross-Site Scripting via the betterdocs_feedback_form shortcode attributes in all versions up to 4.3.8. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing authenticated attac...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/16 3:21 a.m.8 views

WordPress BetterDocs plugin <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BetterDocs versions = 4.3.8...

6.4CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder