Threat Entry Updated 2026-04-16

CVE-2026-3875 - Betterdocs Plugin

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Betterdocs

CVE-2026-3875

MEDIUM CVSS 6.4 2026-04-16

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-13

CVE-2025-14980 - Betterdocs Plugin

The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings.

PLUGIN Betterdocs

CVE-2025-14980

MEDIUM CVSS 6.5 2026-01-09

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-08-18

CVE-2025-7499 - Betterdocs Plugin

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents.

PLUGIN Betterdocs

CVE-2025-7499

MEDIUM CVSS 5.3 2025-08-16

Risk Score

Open Full Technical Breakdown