Vulnerabilities and security researches forbasepress basepress

Jun 06, 2024

CVE, Research URL: 34fbb3c1dedc000b24548f1eb7be4ec311b8bed7
Home page URL: Security reports for Knowledge Base documentation & wiki plugin – BasePress Docs
Application: Knowledge Base documentation & wiki plugin – BasePress Docs
Date: Feb 28, 2022
Research Description: Knowledge Base documentation & wiki plugin – BasePress Docs [basepress] < 2.15.21 WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.15.13 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Knowledge Base documentation & wiki plugin – BasePress plugin (versions <= 2.15.13).
Affected versions: max 2.15.21.
Status: vulnerable

CVE, Research URL: CVE-2024-33588
Home page URL: Security reports for Knowledge Base documentation & wiki plugin – BasePress Docs
Application: Knowledge Base documentation & wiki plugin – BasePress Docs
Date: Apr 29, 2024
Research Description: Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.
Affected versions: max 2.16.2.1.
Status: vulnerable

CVE, Research URL: CVE-2024-33590
Home page URL: Security reports for Knowledge Base documentation & wiki plugin – BasePress Docs
Application: Knowledge Base documentation & wiki plugin – BasePress Docs
Date: Apr 29, 2024
Research Description: Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.
Affected versions: max 2.16.2.1.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Knowledge Base documentation & wiki plugin – BasePress Docs
Application: Knowledge Base documentation & wiki plugin – BasePress Docs
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 2.15.14.
Status: vulnerable

Dec 06, 2024

CVE, Research URL: CVE-2024-10664
Home page URL: Security reports for Knowledge Base documentation & wiki plugin – BasePress Docs
Application: Knowledge Base documentation & wiki plugin – BasePress Docs
Date: Dec 04, 2024
Research Description: The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database.
Affected versions: max 2.16.3.4.
Status: vulnerable

Jan 09, 2026

CVE, Research URL: CVE-2025-62761
Home page URL: Security reports for Knowledge Base documentation & wiki plugin – BasePress Docs
Application: Knowledge Base documentation & wiki plugin – BasePress Docs
Date: Dec 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1.
Affected versions: max 2.17.0.1.
Status: vulnerable