CVE-2026-3875

Name of the Vulnerable Software and Affected Versions BetterDocs versions prior to 4.3.9

Description The BetterDocs plugin for WordPress contains a Stored Cross-Site Scripting issue via the 'betterdocs feedback form' shortcode. Insufficient input sanitization and output escaping on user supplied shortcode attributes allow authenticated attackers with contributor level access and above to inject arbitrary web scripts into pages. These scripts execute whenever a user accesses the affected page.

Recommendations Update to a version newer than 4.3.8.