Description
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-06-19
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Vulnerability is a stored Cross‑Site Scripting flaw that allows authenticated users with contributor or higher privileges to embed arbitrary scripts into WordPress pages via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block. The CategorySlateLayout::render() method outputs the blockId directly into an HTML class attribute without proper sanitization, so any script included will execute whenever the page is viewed. This can enable attackers to hijack user sessions, steal cookies, deface the site, or run further malicious payloads. The impact is therefore integrity and confidentiality of site data for any visitor who loads the affected page.

Affected Systems

WordPress sites that have installed the BetterDocs Knowledge Base plugin in any version up to and including 4.5.3. The vulnerability exists specifically in the CategorySlateLayout block used for layout configuration in the Block Editor. To be affected one must have access to the WordPress admin interface with contributor-level or higher permissions, and use or edit the vulnerable block on a page or post.

Risk and Exploitability

The CVSS score of 6.4 indicates a moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting no active exploit has been reported publicly. The attack path requires authenticated access at contributor level or higher, meaning the threat is primarily internal or from compromised contributors. An attacker who succeeds could inject scripts that persist until the page is viewed, leading to session theft or defacement. Given the authentication requirement, the probability of exploitation in the wild is moderate but significant if contributor accounts are weak or compromised.

Generated by OpenCVE AI on June 19, 2026 at 07:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update BetterDocs to the latest release (≥4.5.4) where the blockId attribute is properly escaped.
  • If an immediate update is not possible, disable the CategorySlateLayout block for contributors or restrict contributor permissions from editing this block type.
  • After the fix or restriction, search existing page content for injected scripts or suspicious class attributes and clean them manually or with a cleanup script.

Generated by OpenCVE AI on June 19, 2026 at 07:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpdevteam
Wpdevteam betterdocs – Ai Documentation, Knowledge Base, Docs, Wikis, Faq With Chatbot
Vendors & Products Wordpress
Wordpress wordpress
Wpdevteam
Wpdevteam betterdocs – Ai Documentation, Knowledge Base, Docs, Wikis, Faq With Chatbot

Fri, 19 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Description The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


Subscriptions

Wordpress Wordpress
Wpdevteam Betterdocs – Ai Documentation, Knowledge Base, Docs, Wikis, Faq With Chatbot
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-06-22T12:52:02.336Z

Reserved: 2026-06-12T18:27:41.912Z

Link: CVE-2026-12157

cve-icon Vulnrichment

Updated: 2026-06-22T12:51:57.865Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:36:27Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')