{"data":{"id":"14bc5b51-a4df-4ab5-93e2-0ba31b14800f","title":"CVE-2026-6393: The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This ","summary":"The BetterDocs plugin for WordPress (versions up to 4.3.11) has a security flaw where the generate_openai_content_callback() function checks for a nonce (a security token that verifies a request is legitimate) but doesn't verify that the user has permission to perform the action. This allows any authenticated user with subscriber-level access or higher to make the plugin call OpenAI's AI service using the site owner's API key and paid quota, even though they shouldn't have that permission.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6393","publishedAt":"2026-04-24T04:16:22.607Z","cveId":"CVE-2026-6393","cweIds":["CWE-862"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","BetterDocs WordPress plugin"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-24T04:16:22.607Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}