CVE-2025-7499 MEDIUM

CVE-2025-7499: BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure

Vendor: Wpdevteam
Product: BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor
Weakness: CWE-862 · Missing authorization
Published: August 16, 2025
Last update: April 8, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents.

Explanation of Vulnerability in Simple Terms

02 Summary

BetterDocs versions up to 4.1.1 lack proper authorization checks, allowing unauthenticated attackers to read sensitive information. An attacker can access the data without logging in or holding any special privileges. The vulnerability affects every version of the knowledge base plugin from the initial release through 4.1.1.

What an attacker can do

03 Attacker Capabilities

Read sensitive information from the knowledge base without authentication.

Potential impact on your site

04 Site Impact

Confidential documentation or FAQ content may be exposed to unauthorized visitors.

Conditions required to exploit

05 Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06 Disclosure timeline

August 16, 2025: CVE published
April 8, 2026: Record updated
