CVE-2026-7515

CRITICAL

BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-7515. PoCs published by Polosss, izxci.

Description

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

Exploits (2)

nomisec WRITEUP 1 stars
by Polosss · poc
https://github.com/Polosss/By-Poloss..-..CVE-2026-7515-PoC

This repository provides a detailed technical analysis of CVE-2026-7515, an unauthenticated Local File Inclusion (LFI) vulnerability in BetterDocs Pro <= 3.8.0. It includes root cause analysis, patch diffs, and a proof-of-concept exploitation method.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: BetterDocs Pro <= 3.8.0
No auth needed
Prerequisites: Valid nonce from BetterDocs Encyclopedia block
devstral-2 · analyzed Jun 19, 2026

github WORKING POC
by izxci · python · poc
https://github.com/izxci/CVE_2026_7515

This repository contains a functional Python exploit for CVE-2026-7515, an unauthenticated Local File Inclusion (LFI) vulnerability in BetterDocs Pro <= 3.8.0. The exploit automates nonce extraction, target verification, and LFI payload delivery via the 'doc_style' parameter in WordPress AJAX endpoints.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: BetterDocs Pro <= 3.8.0
No auth needed
Prerequisites: WordPress site with BetterDocs Pro plugin installed · Network access to the target
devstral-2 · analyzed Jun 19, 2026

Scores

CVSS v3: 9.8
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-98
Status: published
Products (1): betterdocs/BetterDocs Pro < 3.8.0
Published: Jun 19, 2026
Tracked Since: Jun 19, 2026