Threat Entry Updated 2026-01-26

CVE-2025-13921 - Wedocs Plugin

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit any documentation post. The vulnerability was partially patched in version 2.1.16.

PLUGIN Wedocs

CVE-2025-13921

MEDIUM CVSS 4.3 2026-01-23

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-13

CVE-2025-14574 - Wedocs Plugin

The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API keys.

PLUGIN Wedocs

CVE-2025-14574

MEDIUM CVSS 5.3 2026-01-09

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-12-08

CVE-2025-12505 - Wedocs Plugin

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the create_item_permissions_check function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global plugin settings.

PLUGIN Wedocs

CVE-2025-12505

MEDIUM CVSS 5.4 2025-12-06

Risk Score

Open Full Technical Breakdown