CVE-2025-14980: The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including
mediumvulnerabilityLLM-Specific
security
Summary
The BetterDocs plugin for WordPress (all versions up to 4.3.3) has a vulnerability that exposes sensitive information, allowing authenticated attackers with contributor-level access or higher to extract data including OpenAI API keys stored in the plugin settings through the scripts() function. This affects any WordPress site using the plugin where users have contributor-level permissions or above.
Solution / Mitigation
Update to version 4.3.4 or later, as indicated by the WordPress plugin repository changeset reference showing the fix was applied in that version.
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-14980
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%