| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 4.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-3875 | BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.4 | 2026-04-16 06:44:52 | Deep Dive |
| CVE-2026-25402 | WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability | echoplugins | Knowledge Base for Documentation, FAQs with AI Assistance | - | - | 2026-02-19 08:27:04 | Deep Dive |
| CVE-2025-13921 | weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update | wedevs | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | Medium | 4.3 | 2026-01-23 13:24:24 | Deep Dive |
| CVE-2025-14574 | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure | wedevs | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | Medium | 5.3 | 2026-01-09 06:34:56 | Deep Dive |
| CVE-2025-14980 | BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.5 | 2026-01-09 06:34:53 | Deep Dive |
| CVE-2025-62761 | WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.17.0.1 - Cross Site Scripting (XSS) vulnerability | BasePress | Knowledge Base documentation & wiki plugin – BasePress | Medium | 6.5 | 2025-12-31 08:44:23 | Deep Dive |
| CVE-2025-68992 | WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability | xenioushk | BWL Knowledge Base Manager | 中危 | - | 2025-12-30 10:47:51 | Deep Dive |
| CVE-2025-12505 | weDocs <= 2.1.14 - Missing Authorization to Settings Update | wedevs | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | Medium | 5.4 | 2025-12-06 04:37:50 | Deep Dive |
| CVE-2025-11997 | Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure | ngothoai | Document Pro Elementor – Documentation & Knowledge Base | Medium | 5.3 | 2025-11-11 03:30:40 | Deep Dive |
| CVE-2025-60228 | WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability | designthemes | Knowledge Base | - | - | 2025-10-22 14:32:46 | Deep Dive |
| CVE-2025-49400 | WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability | osama.esh | PressApps Knowledge Base Contextual Sidebar Addon | Critical | 9.8 | 2025-08-20 08:03:50 | Deep Dive |
| CVE-2025-7499 | BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 5.3 | 2025-08-16 07:25:29 | Deep Dive |
| CVE-2025-7431 | Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug | ajay | Knowledge Base | Medium | 4.4 | 2025-07-18 01:44:06 | Deep Dive |
| CVE-2025-52791 | WordPress Knowledge Base – Knowledge Base Maker plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) Vulnerability | devfelixmoira | Knowledge Base – Knowledge Base Maker | High | 7.1 | 2025-06-20 15:03:42 | Deep Dive |
| CVE-2025-5533 | Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | ajay | Knowledge Base | Medium | 6.4 | 2025-06-06 06:42:48 | Deep Dive |
| CVE-2024-13604 | KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | logoninc | KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin | High | 7.5 | 2025-04-05 01:44:45 | Deep Dive |
| CVE-2024-10664 | Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update | codesavory | Knowledge Base documentation & wiki plugin – BasePress Docs | Medium | 4.3 | 2024-12-04 07:32:26 | Deep Dive |
| CVE-2024-51677 | WordPress Knowledge Base plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | Ajay | Knowledge Base | Medium | 6.5 | 2024-11-04 14:16:36 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |