CVE-2025-7499: 
WordPress vulnerability analysis and mitigation

The BetterDocs – Advanced AI-Driven Documentation plugin for WordPress (versions up to and including 4.1.1) contains a vulnerability identified as CVE-2025-7499. The vulnerability was discovered and disclosed on August 16, 2025, affecting the plugin's get_response function due to a missing capability check (NVD).

The vulnerability stems from a missing authorization check in the get_response function within the DocCategories.php file. This security flaw has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-862: Missing Authorization (NVD, Wordfence).

The vulnerability allows unauthenticated attackers to retrieve sensitive information, including passwords for password-protected documents and metadata of private and draft documents. This unauthorized access to protected content poses a significant security risk to organizations using the affected plugin (NVD).

The vulnerability has been patched in version 4.1.2 of the BetterDocs plugin. Users are strongly advised to update to this version or later to protect against unauthorized access to sensitive documentation (Wordfence).