Local File Inclusion Vulnerability in BetterDocs Pro Plugin for WordPress
CVE-2026-7515

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Betterdocs Pro
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-7515?

The BetterDocs Pro plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit a Local File Inclusion (LFI) flaw through the 'doc_style' parameter. This security issue affects versions up to and including 3.8.0, enabling attackers to include and execute arbitrary PHP files from the server. Consequently, this vulnerability can lead to unauthorized access, allowing for the execution of malicious PHP scripts, potential bypass of access controls, and exposure of sensitive data. It is crucial for users of affected versions to promptly apply the updates to mitigate this risk.

Affected Version(s)

BetterDocs Pro 0 <= 3.8.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://betterdocs.co/

https://betterdocs.co/changelog/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

Nguyen Ngoc Duc

CVE-2026-7515 Data

JSON