📄 Description (English)
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is due to the `limit` POST parameter being interpolated directly into a SQL query string before being passed to `$wpdb->prepare()`, which only parameterizes other variables. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The Encyclopedia feature must be enabled in BetterDocs Pro settings for the vulnerability to be exploitable.
🤖 AI Executive Summary
CVE-2026-4348 is a critical SQL injection vulnerability in BetterDocs Pro WordPress plugin (versions ≤3.7.0) affecting unauthenticated users when the Encyclopedia feature is enabled. The vulnerability exists in AJAX actions where the `limit` parameter is directly interpolated into SQL queries, allowing attackers to extract sensitive database information. With a CVSS score of 7.5 and no patch currently available, this poses an immediate threat to WordPress installations using this plugin.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 12, 2026 04:18
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using WordPress with BetterDocs Pro plugin are at significant risk, particularly: (1) Government agencies and NCA-regulated entities hosting knowledge bases or documentation portals; (2) Banking and financial institutions (SAMA-regulated) using the plugin for customer documentation; (3) Healthcare providers and SEHA-affiliated organizations maintaining patient information systems; (4) Telecommunications companies (STC, Mobily, Zain) using the plugin for service documentation; (5) E-commerce and retail sectors storing customer data. The vulnerability allows unauthenticated SQL injection, enabling attackers to extract customer PII, financial records, authentication credentials, and other sensitive data without requiring valid credentials.
🏢 Affected Saudi Sectors
Government & Public Administration
Banking & Financial Services
Healthcare & Pharmaceuticals
Energy & Utilities
Telecommunications
E-commerce & Retail
Education
Insurance
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Disable the Encyclopedia feature in BetterDocs Pro settings immediately if not critical to operations
2. Deactivate and remove the BetterDocs Pro plugin until a patched version is available
3. Review WordPress access logs for suspicious AJAX requests to `get_current_letter_docs` and `docs_sort_by_letter` actions
4. Conduct database audit to identify any unauthorized data extraction or SQL injection attempts
PATCHING GUIDANCE:
1. Monitor BetterDocs Pro official repository for security updates (check plugin changelog weekly)
2. Contact BetterDocs Pro support to request emergency patch timeline
3. Once patch is available, immediately update to patched version after testing in staging environment
COMPENSATING CONTROLS (if removal not possible):
1. Implement Web Application Firewall (WAF) rules to block SQL injection patterns in POST parameters containing 'limit'
2. Restrict AJAX endpoint access via .htaccess or nginx configuration to known IP ranges only
3. Implement rate limiting on AJAX actions to prevent automated exploitation
4. Add database query logging and monitoring for suspicious SQL patterns
5. Apply WordPress security hardening: disable file editing, restrict plugin access, implement 2FA
DETECTION RULES:
1. Monitor for POST requests to wp-admin/admin-ajax.php with action=get_current_letter_docs or action=docs_sort_by_letter
2. Alert on 'limit' parameter containing SQL keywords: UNION, SELECT, DROP, INSERT, DELETE, OR, AND
3. Monitor database error logs for SQL syntax errors from WordPress user
4. Track unusual database queries accessing wp_users, wp_usermeta, or other sensitive tables
5. Implement IDS/IPS signatures for SQL injection patterns in POST data
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. عطّل ميزة الموسوعة في إعدادات BetterDocs Pro فوراً إذا لم تكن حرجة للعمليات
2. قم بإلغاء تفعيل وإزالة إضافة BetterDocs Pro حتى يتوفر إصدار معدّل
3. راجع سجلات وصول WordPress للطلبات المريبة من AJAX إلى إجراءات `get_current_letter_docs` و `docs_sort_by_letter`
4. أجرِ تدقيق قاعدة البيانات لتحديد أي محاولات استخراج بيانات غير مصرح بها أو حقن SQL
توجيهات التصحيح:
1. راقب مستودع BetterDocs Pro الرسمي للتحديثات الأمنية (تحقق من سجل التغييرات أسبوعياً)
2. اتصل بدعم BetterDocs Pro لطلب جدول زمني للتصحيح الطارئ
3. عند توفر التصحيح، قم بالتحديث الفوري إلى الإصدار المعدّل بعد الاختبار في بيئة التطوير
الضوابط البديلة (إذا لم يكن الحذف ممكناً):
1. طبّق قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معاملات POST التي تحتوي على 'limit'
2. قيّد وصول نقطة نهاية AJAX إلى نطاقات عناوين IP معروفة فقط عبر .htaccess أو nginx
3. طبّق تحديد معدل على إجراءات AJAX لمنع الاستغلال الآلي
4. أضف تسجيل ومراقبة استعلامات قاعدة البيانات للأنماط المريبة
5. طبّق تقسية أمان WordPress: عطّل تحرير الملفات، قيّد وصول الإضافات، طبّق المصادقة الثنائية
قواعد الكشف:
1. راقب طلبات POST إلى wp-admin/admin-ajax.php مع action=get_current_letter_docs أو action=docs_sort_by_letter
2. أصدر تنبيهات عند احتواء معامل 'limit' على كلمات مفتاحية SQL: UNION, SELECT, DROP, INSERT, DELETE, OR, AND
3. تتبع أخطاء قاعدة البيانات من سجلات بناء جملة SQL من مستخدم WordPress
4. تتبع استعلامات قاعدة البيانات غير العادية التي تصل إلى wp_users, wp_usermeta أو جداول حساسة أخرى
5. طبّق توقيعات IDS/IPS لأنماط حقن SQL في بيانات POST
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
5.1 - Access Control and Authentication
5.2 - Cryptography and Data Protection
5.3 - System and Communications Protection
5.4 - System Monitoring and Logging
5.5 - Vulnerability Management
🔵 SAMA CSF
Governance & Risk Management - Vulnerability Management
Information Security - Data Protection and Privacy
Operational Resilience - Incident Detection and Response
Technology & Infrastructure - Application Security
🟡 ISO 27001:2022
A.5.1.1 - Information security policies
A.8.1.1 - User endpoint devices
A.8.2.1 - User access management
A.8.3.1 - Password management
A.12.2.1 - Restrictions on software installation
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0.1
Requirement 1 - Install and maintain a firewall configuration
Requirement 6 - Develop and maintain secure systems and applications
Requirement 6.2 - Ensure security patches are installed
Requirement 11 - Regularly test security systems and processes