WordPress Plugin Vulnerabilities

BetterDocs < 2.5.3 - Missing Authorization via AJAX actions

Description

The BetterDocs plugin for WordPress is vulnerable to unauthorized document modification due to a missing capability check on several AJAX functions in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify documents.

Affects Plugins

Plugin icon
betterdocs
Fixed in 2.5.3

References

CVE
CVE-2023-47762
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
4a94ca48-09d3-47b1-8377-66e1ea5ea174

Timeline

Publicly Published
2023-11-13 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2026-02-18
Title
Dealia – Request a quote < 1.0.8 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset
Published
2023-10-25
Title
YITH WooCommerce Product Add-Ons < 4.2.1 - Missing Authorization
Published
2026-02-17
Title
YayMail < 4.3.3 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint
Published
2025-11-04
Title
Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel < 4.0.5 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload
Published
2024-07-04
Title
Ninja Forms < 3.8.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution