VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Apr 23, 2026

BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Vulnerabilities

Review known vulnerability records for the WordPress plugin BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor (`betterdocs`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-6393, CVE-2026-3875 and CVE-2025-14980, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
2
Patch Coverage
100%
Last Updated
Apr 23, 2026
Priority CVE Quick Links

Fast paths into BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2024-30226 Critical 3.3.4
CVE-2024-30226 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Vulnerability

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg <= 3.3.3 - Unauthenticated PHP Object Injection

CVE-2024-43129 High 3.5.9
CVE-2024-43129 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Local File Inclusion

BetterDocs <= 3.5.8 - Authenticated (Contributor+) Local File Inclusion

CVE-2025-14980 Medium 4.3.4
CVE-2025-14980 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Sensitive Information Exposure

BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure

CVE-2026-3875 Medium 4.3.9
CVE-2026-3875 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Stored Cross-Site Scripting

BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

CVE-2024-43227 Medium 3.5.9
CVE-2024-43227 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Stored Cross-Site Scripting

BetterDocs <= 3.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-2845 Medium 3.5.0
CVE-2024-2845 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Stored Cross-Site Scripting

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE-2025-7499 Medium 4.1.2
CVE-2025-7499 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Vulnerability

BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure

CVE-2026-6393 Medium 4.3.12
CVE-2026-6393 BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Vulnerability

BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 1 high severity finding.
Recent CVEs
CVE-2026-6393, CVE-2026-3875 and CVE-2025-14980
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-6393
CVE-2026-6393: BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions....

Published
Apr 23, 2026
Patched Release
4.3.12
Affected Versions
Versions up to 4.3.11
Next Step
Update to 4.3.12 or newer if supported.
Open CVE-2026-6393 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-3875
CVE-2026-3875: BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. Thi...

Published
Apr 15, 2026
Patched Release
4.3.9
Affected Versions
Versions up to 4.3.8
Next Step
Update to 4.3.9 or newer if supported.
Open CVE-2026-3875 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-14980
CVE-2025-14980: BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure

The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data inclu...

Published
Jan 08, 2026
Patched Release
4.3.4
Affected Versions
Versions up to 4.3.3
Next Step
Update to 4.3.4 or newer if supported.
Open CVE-2025-14980 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-7499
CVE-2025-7499: BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function i...

Published
Aug 15, 2025
Patched Release
4.1.2
Affected Versions
Versions up to 4.1.1
Next Step
Update to 4.1.2 or newer if supported.
Open CVE-2025-7499 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-43227
CVE-2024-43227: BetterDocs <= 3.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via blocks in versions up to, and including, 3.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with con...

Published
Aug 09, 2024
Patched Release
3.5.9
Affected Versions
Versions up to 3.5.8
Next Step
Update to 3.5.9 or newer if supported.
Open CVE-2024-43227 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-43129
CVE-2024-43129: BetterDocs <= 3.5.8 - Authenticated (Contributor+) Local File Inclusion

The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.5.8 via the 'layout_template' of several blocks. This mak...

Published
Aug 07, 2024
Patched Release
3.5.9
Affected Versions
Versions up to 3.5.8
Next Step
Update to 3.5.9 or newer if supported.
Open CVE-2024-43129 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-30226
CVE-2024-30226: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg <= 3.3.3 - Unauthenticated PHP Object Injection

The BetterDocs plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerab...

Published
Mar 26, 2024
Patched Release
3.3.4
Affected Versions
Versions up to 3.3.3
Next Step
Update to 3.3.4 or newer if supported.
Open CVE-2024-30226 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2845
CVE-2024-2845: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insuffici...

Published
Mar 25, 2024
Patched Release
3.5.0
Affected Versions
Versions up to 3.4.2
Next Step
Update to 3.5.0 or newer if supported.
Open CVE-2024-2845 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-47762
CVE-2023-47762: BetterDocs <= 2.5.2 - Missing Authorization via AJAX actions

The BetterDocs plugin for WordPress is vulnerable to unauthorized document modification due to a missing capability check on several AJAX functions in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

Published
Nov 13, 2023
Patched Release
2.5.3
Affected Versions
Versions up to 2.5.2
Next Step
Update to 2.5.3 or newer if supported.
Open CVE-2023-47762 Report Open CVE Reference