CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31417 – WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31417
29 Mar 2025 — Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a. The WP Docs plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/wp-docs/vulnerability/wordpress-wp-docs-plugin-2-2-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56288 – WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56288
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en WP Docs de Fahad Mahmood permite XSS almacenado. Este problema afecta a WP Docs: desde n/a hasta 2.2.1. The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version... • https://patchstack.com/database/wordpress/plugin/wp-docs/vulnerability/wordpress-wp-docs-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35695 – WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35695
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.1.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Fahad Mahmood WP Docs permite XSS Almacenado. Este problema afecta a WP Docs: desde n/a hasta 2.1.3. The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... • https://patchstack.com/database/vulnerability/wp-docs/wordpress-wp-docs-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35696 – WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35696
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through 2.1.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Fahad Mahmood WP Docs permite el XSS reflejado. Este problema afecta a WP Docs: desde n/a hasta 2.1.3. The WP Docs plugin for WordPress is vulnerable to Reflected Cross-Site Sc... • https://patchstack.com/database/vulnerability/wp-docs/wordpress-wp-docs-plugin-2-1-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30873 – WordPress WP Docs plugin <= 1.9.8 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-30873
18 Apr 2023 — Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8. The WP Docs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the functions wpdocs_create_folder, wpdocs_update_folder, and wpdocs_delete_folder. This makes it possible for unauthenticated attackers to create, renam... • https://patchstack.com/database/wordpress/plugin/wp-docs/vulnerability/wordpress-wp-docs-plugin-1-9-8-broken-access-control?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •