Vulnerabilities > Androidbubble > WP Docs > 1.9.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-56288 | Cross-site Scripting vulnerability in Androidbubble WP Docs Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. | 4.8 |
| 2024-12-21 | CVE-2024-12635 | SQL Injection vulnerability in Androidbubble WP Docs The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-12-09 | CVE-2023-30873 | Missing Authorization vulnerability in Androidbubble WP Docs Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8. | 8.8 |
| 2024-06-08 | CVE-2024-35696 | Unspecified vulnerability in Androidbubble WP Docs Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through 2.1.3. | 6.1 |