Knowledge Base documentation & wiki plugin – BasePress Docs Security & Risk Analysis
wordpress.org/plugins/basepressEasily create & manage documentation. Reduce support tickets & scale your customer support workload. This simple plugin works with any theme.
Is Knowledge Base documentation & wiki plugin – BasePress Docs Safe to Use in 2026?
Generally Safe
Score 95/100Knowledge Base documentation & wiki plugin – BasePress Docs has a strong security track record. Known vulnerabilities have been patched promptly.
The BasePress plugin v2.17.0.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas, including a high percentage of SQL queries using prepared statements (90%), a substantial amount of output escaping (82%), and a good number of capability checks (20) and nonce checks (19). There are no reported critical or high-severity vulnerabilities, and importantly, all known CVEs are currently patched, which is a strong indicator of active maintenance.
However, significant concerns arise from the attack surface analysis. With 30 total entry points, 8 of which lack authentication checks, there's a notable exposure to potential unauthorized access or actions. Furthermore, the taint analysis reveals 10 flows with unsanitized paths, even though they are not classified as critical or high severity. This suggests potential vulnerabilities like Cross-Site Scripting (XSS) or Server-Side Request Forgery (SSRF) could exist, especially considering these were identified as common vulnerability types in its history. The presence of 4 medium-severity CVEs in its history, although all patched, also indicates a past trend of security weaknesses in these specific areas.
In conclusion, while BasePress has made improvements and addresses past vulnerabilities, the number of unprotected AJAX handlers and the presence of unsanitized taint flows are critical areas for immediate attention. The plugin has a history of medium-severity issues, including XSS, Missing Authorization, and SSRF, reinforcing the need for vigilance around its remaining potential weaknesses.
Key Concerns
- 8 AJAX handlers without auth checks
- 10 flows with unsanitized paths
- Bundled library Freemius v1.0 potentially outdated
- 4 medium severity CVEs in history
Knowledge Base documentation & wiki plugin – BasePress Docs Security Vulnerabilities
CVEs by Year
Severity Breakdown
4 total CVEs
Knowledge Base documentation & wiki plugin – BasePress <= 2.17.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update
Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Missing Authorization
Knowledge Base documentation & wiki plugin – BasePress Docs Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Knowledge Base documentation & wiki plugin – BasePress Docs Attack Surface
AJAX Handlers 25
REST API Routes 2
Shortcodes 3
WordPress Hooks 123
Maintenance & Trust
Knowledge Base documentation & wiki plugin – BasePress Docs Maintenance & Trust
Maintenance Signals
Community Trust
Knowledge Base documentation & wiki plugin – BasePress Docs Alternatives
Smart Docs
smart-docs
Knowledge Base & Documentation Plugin for WordPress.
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
wedocs
Build AI-powered documentation hub with knowledge base, docs, wiki tools and chatbot support with weDocs, built by weDevs with 13 years of innovation.
WPHelpKit
wphelpkit
Create a fully featured Help Center site (Knowledge Base, Documentation, Wiki, FAQs) with WordPress.
BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor
betterdocs
A full-featured documentation plugin including AI writing assistance to create knowledge bases, docs, FAQs, wikis, and more with easy drag & drop UI.
BuddyPress Docs
buddypress-docs
Adds collaborative Docs to BuddyPress.
Knowledge Base documentation & wiki plugin – BasePress Docs Developer Profile
3 plugins · 2K total installs
How We Detect Knowledge Base documentation & wiki plugin – BasePress Docs
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/basepress/assets/css/backend.css/wp-content/plugins/basepress/assets/css/frontend.css/wp-content/plugins/basepress/assets/js/frontend.js/wp-content/plugins/basepress/assets/js/admin.js/wp-content/plugins/basepress/assets/js/basepress-wizard.js/wp-content/plugins/basepress/assets/js/colorpicker.js/wp-content/plugins/basepress/assets/js/customizer.js/wp-content/plugins/basepress/assets/js/select2.full.min.js+34 more/wp-content/plugins/basepress/assets/js/frontend.js/wp-content/plugins/basepress/assets/js/admin.js/wp-content/plugins/basepress/assets/js/basepress-wizard.js/wp-content/plugins/basepress/assets/js/colorpicker.js/wp-content/plugins/basepress/assets/js/customizer.js/wp-content/plugins/basepress/assets/js/select2.full.min.js+6 morebasepress.js?ver=basepress.css?ver=HTML / DOM Fingerprints
basepress-headerbasepress-titlebasepress-breadcrumbsbasepress-contentbasepress-singlebasepress-post-navigationbasepress-search-formbasepress-toc+10 more<!-- BasePress: DO NOT MODIFY THIS FILE DIRECTLY. --><!-- BasePress Plugin Settings --><!-- BasePress Single Post Settings --><!-- BasePress Article Meta -->+3 moredata-basepress-iddata-basepress-slugdata-basepress-titledata-basepress-post-typedata-basepress-templatedata-basepress-sectionbasepressBasePressFrontendBasePressAdmin[basepress_search][basepress_toc][basepress_faq][basepress_tabs]