16 matches found
WordPress BetterDocs Pro plugin <= 3.8.0 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin BetterDocs Pro versions = 3.8.0...
CVE-2026-7515
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
EUVD-2026-37992
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
CVE-2026-7515
CVE-2026-7515 affects the BetterDocs Pro WordPress plugin (
CVE-2026-7515 BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
PT-2026-50843
Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...
VulnCheck KEV: CVE-2026-7515
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...
CVE-2026-4348
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
WordPress BetterDocs Pro plugin <= 3.7.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BetterDocs Pro versions = 3.7.0...
CVE-2026-4348
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
CVE-2026-4348 BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
CVE-2026-4348
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
CVE-2026-4348 BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
CVE-2026-4348
CVE-2026-4348 affects the BetterDocs Pro WordPress plugin (≤ 3.7.0). The vulnerability is an unauthenticated SQL injection in the get_current_letter_docs and docs_sort_by_letter AJAX actions, where the limit POST parameter is interpolated directly into a SQL query before $wpdb->prepare(), enab...
WordPress plugin BetterDocs Pro SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-38341
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the get current letter docs and docs sort by letter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed ...