BetterDocs < 4.1.2 – Missing Authorization to Private And Password-Protected Posts Information Disclosure | CVE 2025-7499 | Plugin Vulnerabilities

Description

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents.

Affects Plugins

Fixed in 4.1.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5231b741-4d02-45b5-b2aa-0d9d3536a416

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

xitsec

Verified

No

WPVDB ID

239549d0-0e98-4aa2-a89b-e2bd1179a3bc

Timeline

Publicly Published

2025-08-15 (about 8 months ago)

Added

2025-08-15 (about 8 months ago)

Last Updated

2025-08-16 (about 8 months ago)

Other

Published

Title

Published

2025-05-26

Title

MStore API – Create Native Android & iOS Apps On The Cloud < 4.17.6 - Missing Authorization to Authenticated (Subscriber+) Posts Creation

Published

2025-01-07

Title

Slides & Presentations <= 0.0.39 - Missing Authorization

Published

2024-11-19

Title

Wawp < 3.0.18 - Unauthenticated Privilege Escalation

Published

2024-06-17

Title

Ibtana - WordPress Website Builder < 1.2.3.4 - Unauthenticated reCAPTCHA Settings Update

Published

2025-01-16

Title

Realty Workstation <= 1.0.45 - Missing Authorization