PatchSiren cyber security CVE debrief
CVE-2026-15104 wpdevteam CVE debrief
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This vulnerability allows authenticated attackers with custom-level access and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The exploitation of this vulnerability requires a supported multilingual plugin (WPML, Polylang, qTranslate, Weglot, or TranslatePress) to be active on the site, as the vulnerable code path is gated by Helper::is_multilingual_active(). To mitigate this vulnerability, site owners should update the BetterDocs plugin to a version beyond 4.6.0, if available, and implement robust input validation and sanitization for user-supplied parameters. Additionally, restricting access to sensitive database queries and tables, monitoring database activity for suspicious query patterns, and considering the use of a Web Application Firewall (WAF) to detect and prevent SQL injection attempts are recommended.
- Vendor
- wpdevteam
- Product
- BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Authenticated attackers with custom-level access and above could exploit this vulnerability to extract sensitive information from the database. Site owners using the BetterDocs plugin, especially those with multilingual sites using plugins like WPML, Polylang, qTranslate, Weglot, or TranslatePress, should take immediate action.
Technical summary
The BetterDocs plugin for WordPress is vulnerable to SQL injection attacks due to insufficient escaping of the user-supplied 'lang' parameter and inadequate preparation of existing SQL queries. This vulnerability exists in all versions up to and including 4.6.0. Exploitation requires a supported multilingual plugin to be active on the site, as the vulnerable code path is gated by the Helper::is_multilingual_active() function. Authenticated attackers with custom-level access and above can append additional SQL queries to existing ones, potentially leading to sensitive information disclosure.
Defensive priority
Medium priority due to the requirement for authenticated access and a multilingual plugin to be active.
Recommended defensive actions
- Update the BetterDocs plugin to a version beyond 4.6.0, if available.
- Implement robust input validation and sanitization for user-supplied parameters.
- Restrict access to sensitive database queries and tables.
- Monitor database activity for suspicious query patterns.
- Consider using a Web Application Firewall (WAF) to detect and prevent SQL injection attempts.
Evidence notes
The CVE record was published on 2026-07-10T09:16:53.407Z and was last modified on 2026-07-10T19:17:20.210Z. The vulnerability was reported by [email protected]. Multiple references are provided, including links to the vulnerable code and a Wordfence threat intelligence page.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T09:16:53.407Z and has not been modified since then.