Wp Docs

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-3878	WordPress Wp Docs	Med	0.42	6.4	Apr 16, 2026	The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-24990	Androidbubbles Wp Docs	Med	0.35	5.4	Feb 3, 2026	Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.
CVE-2025-31417	WordPress Wp Docs	Med	0.28	4.3	Mar 31, 2025	Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7.

CVE-2026-3878MedApr 16, 2026
WordPress
Wp Docs
risk 0.42cvss 6.4epss 0.00
The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-24990MedFeb 3, 2026
Androidbubbles
Wp Docs
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.
CVE-2025-31417MedMar 31, 2025
WordPress
Wp Docs
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7.