Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data. This issue affects BetterDocs: from n/a through <= 4.3.10.
Published: 2026-04-29
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the WPDeveloper BetterDocs WordPress plugin allows the retrieval of embedded sensitive data. The flaw can expose confidential system information to unauthorized users, resulting in a breach of confidentiality. This weakness is classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). The description does not specify an exploitation method; the inference is that an attacker could reach the exposed data through the plugin’s web interface or through any exposed API endpoints that deliver the embedded content.

Affected Systems

The vulnerability affects the BetterDocs plugin provided by WPDeveloper for WordPress platforms. All releases up to and including version 4.3.10 are impacted. No other product or vendor is listed as affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.3, indicating moderate severity. The EPSS score is not available, and it is not listed in the CISA KEV catalog, suggesting no known active exploits at this time. The likely attack vector is through remote access to the WordPress site, such as browsing a page that renders BetterDocs content or invoking exposed endpoints, enabling data extraction. Given the moderate score and unavailable exploitation data, the risk is considered medium, but any site that hosts the vulnerable plugin could potentially expose sensitive information to anyone with access to the site.

Generated by OpenCVE AI on April 29, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the BetterDocs plugin to a version newer than 4.3.10 that contains the data-exposure fix.
  • If an immediate update is not feasible, disable or remove the feature that exposes embedded sensitive data within the plugin’s settings or by eliminating the relevant shortcode from site content.
  • After applying the mitigation, monitor WordPress access logs for any unexpected attempts to retrieve sensitive information from the plugin.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wordpress; Wordpress wordpress; Wpdeveloper; Wpdeveloper betterdocs
Vendors & Products | | Wordpress; Wordpress wordpress; Wpdeveloper; Wpdeveloper betterdocs

Wed, 29 Apr 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description | | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data. This issue affects BetterDocs: from n/a through <= 4.3.10.
Title | | WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Exposure vulnerability
Weaknesses | | CWE-497
References | |
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T10:47:15.294Z

Reserved: 2026-04-29T09:04:31.204Z

Link: CVE-2026-42644

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-04-29T12:16:19.660

Modified: 2026-04-29T21:15:41.667

Link: CVE-2026-42644

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T13:00:06Z