Local File Inclusion Vulnerability in BetterDocs Pro Plugin for WordPress
CVE-2026-7515
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 19 June 2026
Badges
What is CVE-2026-7515?
The BetterDocs Pro plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit a Local File Inclusion (LFI) flaw through the 'doc_style' parameter. This security issue affects versions up to and including 3.8.0, enabling attackers to include and execute arbitrary PHP files from the server. Consequently, this vulnerability can lead to unauthorized access, allowing for the execution of malicious PHP scripts, potential bypass of access controls, and exposure of sensitive data. It is crucial for users of affected versions to promptly apply the updates to mitigate this risk.
Affected Version(s)
BetterDocs Pro 0 <= 3.8.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved