cleantalk
Vulnerabilities and Security Researches

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support, CVE-2026-6393

CVE, Research URL

CVE-2026-6393

Home page URL

Security reports for BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support

Application

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support

Published on
Apr 24, 2026
Research Description
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site's configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner's paid AI API quota.
Affected versions
max 4.3.12.
Status
vulnerable
Previous vulnerability researches
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Maps for WP (CVE-2025-32179) , Apr 06, 2025
Maps for WP (CVE-2024-13648) , Feb 22, 2025
New vulnerability
PlayerJS (CVE-2025-58651) , Apr 25, 2026
PilotPress (CVE-2025-58238) , Apr 25, 2026
Real Estate Manager – Property Listing and Agent Management (CVE-2025-58253) , Apr 25, 2026
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2025-58702) , Apr 25, 2026
Webdesignby Recaptcha (CVE-2026-4512) , Apr 25, 2026