CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
Description (NVD)
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site's configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner's paid AI API quota.
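The description above contrasts a nonce check with a capability check. A WordPress nonce only proves that the request originated from a page the logged-in user loaded (a CSRF defence); it says nothing about what that user is allowed to do, so every subscriber holds a valid one. The following PHP is an added illustration written for this page, not BetterDocs code: it shows the nonce-only handler shape beside a hardened form that also checks a capability and caps per-user calls. The hook name, nonce action, `manage_options` as the required capability, and the per-user limit are all assumptions chosen for the example.

```php
<?php
// Added example, not plugin code. Hook and nonce action names are assumptions.
// Weak shape: nonce only. check_ajax_referer() stops CSRF, but any logged-in
// user (subscriber upward) can obtain this nonce, so authorization is absent.
function example_generate_content_weak() {
    check_ajax_referer( 'example_generate_content', 'nonce' );
    $prompt = isset( $_POST['prompt'] ) ? sanitize_textarea_field( wp_unslash( $_POST['prompt'] ) ) : '';
    wp_send_json_success( example_call_ai_provider( $prompt ) );
}

// Hardened shape: nonce for CSRF *and* current_user_can() for authorization.
// 'manage_options' (administrators) is an assumption; pick the capability that
// matches who should be allowed to spend the site's paid API quota.
add_action( 'wp_ajax_example_generate_content', 'example_generate_content_hardened' );
function example_generate_content_hardened() {
    check_ajax_referer( 'example_generate_content', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() ends the request, so nothing below runs.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $prompt = isset( $_POST['prompt'] ) ? sanitize_textarea_field( wp_unslash( $_POST['prompt'] ) ) : '';
    if ( '' === $prompt ) {
        wp_send_json_error( array( 'message' => 'Empty prompt.' ), 400 );
    }

    // Defence in depth: bound how often even an authorized user can hit the
    // paid API, so a compromised or careless account cannot drain the quota.
    if ( ! example_within_rate_limit( get_current_user_id(), 20, HOUR_IN_SECONDS ) ) {
        wp_send_json_error( array( 'message' => 'Rate limit exceeded.' ), 429 );
    }

    wp_send_json_success( example_call_ai_provider( $prompt ) );
}

// Sliding-window counter stored in a transient (assumed limit: $max calls per $window seconds).
function example_within_rate_limit( $user_id, $max, $window ) {
    $key   = 'example_ai_calls_' . (int) $user_id;
    $count = (int) get_transient( $key );
    if ( $count >= $max ) {
        return false;
    }
    // Transient expiry is only set on first write, giving a fixed window.
    set_transient( $key, $count + 1, $window );
    return true;
}

// Stand-in for the provider request. A real handler would call the API with
// the site's stored key here; kept minimal so the authorization logic is the focus.
function example_call_ai_provider( $prompt ) {
    return array( 'prompt_length' => strlen( $prompt ) );
}
```

The order of the checks matters: the nonce is verified first (cheap, rejects cross-site requests), then the capability, then input validation, and only then the rate limit and the paid call. Logging the 403 responses from the capability check is also a cheap way to detect low-privilege accounts probing AJAX endpoints they should never reach.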
Analysis (AI)
BetterDocs plugin for WordPress versions up to 4.3.11 allows authenticated subscribers and higher to trigger arbitrary OpenAI API calls using the site's configured API key due to missing capability checks in the generate_openai_content_callback() function. An attacker with subscriber-level access can supply arbitrary prompts to exhaust the site owner's paid AI API quota without authorization, resulting in unauthorized financial impact and service degradation. …
External POC / Exploit Code
EUVD-2026-25394
GHSA-hpvr-gqf8-j82g