SQL Injection Vulnerability in BetterDocs Plugin for WordPress
CVE-2026-15104
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-15104?
The BetterDocs plugin for WordPress is susceptible to SQL injection via the 'lang' parameter in all versions up to 4.6.0. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient preparation of the SQL query. Authenticated attackers with custom-level access or higher can exploit this flaw to inject additional SQL queries, potentially compromising sensitive database information. This vulnerability’s exploitability is conditional upon the activation of a compatible multilingual plugin, such as WPML, Polylang, qTranslate, Weglot, or TranslatePress.
Affected Version(s)
BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot 0 <= 4.6.0