Unrated severityNVD Advisory· Published Jun 19, 2026

BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style

CVE-2026-7515

Description

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the doc_style parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Betterdocs Proinferred2 versions
<=3.8.0+ 1 more
- (no CPE)range: <=3.8.0
- (no CPE)range: <=3.8.0
Package: https://wordpress.org/plugins/betterdocs-pro

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

News mentions

25 WordPress Plugin CVEs Drop in Two Days: Critical File Deletion, SSRF, and XSS Lead the Batch
Vypr Intelligence · Jun 19, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000