PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15104 wpdevteam CVE debrief

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This vulnerability allows authenticated attackers with custom-level access and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The exploitation of this vulnerability requires a supported multilingual plugin (WPML, Polylang, qTranslate, Weglot, or TranslatePress) to be active on the site, as the vulnerable code path is gated by Helper::is_multilingual_active(). To mitigate this vulnerability, site owners should update the BetterDocs plugin to a version beyond 4.6.0, if available, and implement robust input validation and sanitization for user-supplied parameters. Additionally, restricting access to sensitive database queries and tables, monitoring database activity for suspicious query patterns, and considering the use of a Web Application Firewall (WAF) to detect and prevent SQL injection attempts are recommended.

Vendor
wpdevteam
Product
BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Authenticated attackers with custom-level access and above could exploit this vulnerability to extract sensitive information from the database. Site owners using the BetterDocs plugin, especially those with multilingual sites using plugins like WPML, Polylang, qTranslate, Weglot, or TranslatePress, should take immediate action.

Technical summary

The BetterDocs plugin for WordPress is vulnerable to SQL injection attacks due to insufficient escaping of the user-supplied 'lang' parameter and inadequate preparation of existing SQL queries. This vulnerability exists in all versions up to and including 4.6.0. Exploitation requires a supported multilingual plugin to be active on the site, as the vulnerable code path is gated by the Helper::is_multilingual_active() function. Authenticated attackers with custom-level access and above can append additional SQL queries to existing ones, potentially leading to sensitive information disclosure.

Defensive priority

Medium priority due to the requirement for authenticated access and a multilingual plugin to be active.

Recommended defensive actions

  • Update the BetterDocs plugin to a version beyond 4.6.0, if available.
  • Implement robust input validation and sanitization for user-supplied parameters.
  • Restrict access to sensitive database queries and tables.
  • Monitor database activity for suspicious query patterns.
  • Consider using a Web Application Firewall (WAF) to detect and prevent SQL injection attempts.

Evidence notes

The CVE record was published on 2026-07-10T09:16:53.407Z and was last modified on 2026-07-10T19:17:20.210Z. The vulnerability was reported by [email protected]. Multiple references are provided, including links to the vulnerable code and a Wordfence threat intelligence page.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T09:16:53.407Z and has not been modified since then.