Skip to main content

Betterdocs Pro

1 CVEs product

Monthly

CVE-2026-7515 CRITICAL Act Now

Unauthenticated remote code execution in BetterDocs Pro for WordPress (versions through 3.8.0) is achievable by abusing the `doc_style` parameter to include arbitrary local PHP files. Wordfence has assigned a critical 9.8 CVSS score, and while no public exploit identified at time of analysis, the unauthenticated network-reachable nature of the flaw on a widely deployed WordPress documentation plugin makes opportunistic mass-exploitation likely once details propagate.

Information Disclosure WordPress RCE LFI PHP +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution in BetterDocs Pro for WordPress (versions through 3.8.0) is achievable by abusing the `doc_style` parameter to include arbitrary local PHP files. Wordfence has assigned a critical 9.8 CVSS score, and while no public exploit identified at time of analysis, the unauthenticated network-reachable nature of the flaw on a widely deployed WordPress documentation plugin makes opportunistic mass-exploitation likely once details propagate.

Information Disclosure WordPress RCE +3
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy