BetterDocs

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings.

Basic Information

ID CVE-2025-14980

Source Wordfence

Published Jan 9, 2026 at 06:34

Affected Product

Vendor wpdevteam

Product BetterDocs – Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor

Version *

Affected Versions wpdevteam BetterDocs – Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings.",
    "published": "2026-01-09T06:34:52.906Z",
    "modified": "2026-01-09T06:34:52.906Z",
    "type": "cve",
    "title": "BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1595f231-d300-484a-a0e1-1e2bc7b82ed3?source=cve\nhttps://research.cleantalk.org/cve-2025-14980/\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3430424%40betterdocs%2Ftags%2F4.3.4&old=3422660%40betterdocs%2Ftrunk",
    "id": "CVE-2025-14980",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "wpdevteam BetterDocs \u2013  Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor *",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BetterDocs \u2013  Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor",
    "version": "*",
    "vendor": "wpdevteam",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure_CVE-2025-14980