Vulnerabilities and security researches forwp-docs wp-docs

Jun 06, 2024

CVE, Research URL: e8154019cb3a9312c465490fd4032d0bd8b42082
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Apr 19, 2023
Research Description: WP Docs [wp-docs] < 1.9.9 WordPress WP Docs Plugin <= 1.9.8 is vulnerable to Broken Access Control Update the WordPress WP Docs plugin to the latest available version (at least 1.9.9). Lana Codes discovered and reported this Broken Access Control vulnerability in WordPress WP Docs Plugin. This vulnerability has been fixed in version 1.9.9.
Affected versions: max 1.9.9.
Status: vulnerable

CVE, Research URL: CVE-2023-32106
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Aug 18, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <= 1.9.9 versions.
Affected versions: max 2.0.0.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-30873
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8.
Affected versions: max 1.9.9.
Status: vulnerable

CVE, Research URL: CVE-2024-35695
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Jun 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.1.3.
Affected versions: max 2.1.4.
Status: vulnerable

CVE, Research URL: CVE-2024-35696
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Jun 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through 2.1.3.
Affected versions: max 2.1.4.
Status: vulnerable

Dec 22, 2024

CVE, Research URL: CVE-2024-12635
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Dec 21, 2024
Research Description: The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability was partially patched in version 2.2.0.
Affected versions: max 2.2.1.
Status: vulnerable

Jan 08, 2025

CVE, Research URL: CVE-2024-56288
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Jan 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1.
Affected versions: max 2.2.2.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-31417
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Mar 31, 2025
Research Description: Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a.
Affected versions: max 2.2.7.
Status: vulnerable

Feb 28, 2026

CVE, Research URL: CVE-2026-24990
Home page URL: Security reports for WP Docs
Application: WP Docs
Date: Feb 03, 2026
Research Description: Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.
Affected versions: max 2.2.8.
Status: vulnerable