The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|
References
History
Fri, 19 Jun 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | |
| Title | BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style | |
| Weaknesses | CWE-98 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-06-19T05:33:29.949Z
Reserved: 2026-04-30T15:40:25.530Z
Link: CVE-2026-7515
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-19T07:30:16Z