Lucene search
K

39 matches found

NVD
NVD
added 2026/07/03 2:16 a.m.7 views

CVE-2026-12734

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS0.00206EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 2:16 a.m.8 views

CVE-2026-12731

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/07/03 2:16 a.m.8 views

CVE-2026-12729

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...

4.3CVSS0.00213EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 1:28 a.m.9 views

EUVD-2026-41470

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.43 views

CVE-2026-12731 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.10 views

CVE-2026-12731

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 1:28 a.m.15 views

CVE-2026-12729

The CVE concerns the weDocs: AI Powered Knowledge Base WordPress plugin up to version 2.3.0, where the do_migration() function is exposed via the wedocs_migrate_betterdocs_to_wedocs AJAX action without nonce verification (check_ajax_referer) and without a current_user_can capability check. This a...

4.3CVSS5.6AI score0.00213EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.12 views

CVE-2026-12734

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 1:28 a.m.11 views

EUVD-2026-41467

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.39 views

CVE-2026-12729 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Data Migration via wedocs_migrate_betterdocs_to_wedocs AJAX Action

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...

4.3CVSS0.00213EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.37 views

CVE-2026-12734 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'connectorWidth' Block Attribute

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 1:28 a.m.26 views

CVE-2026-12734

The weDocs WordPress plugin (Authenticated access level: Contributor+) is vulnerable to Stored XSS via the connectorWidth Block Attribute in all versions up to and including 2.3.0. The root cause is insufficient input sanitization and output escaping. Impact: injected scripts can execute when use...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55442

Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/02 11:58 a.m.6 views

WordPress weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin weDocs versions = 2.3.0...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.28 views

CVE-2026-39520 WordPress weDocs plugin <= 2.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through = 2.1.18...

5.3CVSS0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.7 views

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

4.3CVSS5.5AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 2:16 p.m.18 views

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

4.3CVSS0.00265EPSS
Exploits0References5
CVE
CVE
added 2026/01/23 1:24 p.m.18 views

CVE-2025-13921

CVE-2025-13921 (weDocs for WordPress) : Wordfence and related feeds confirm that weDocs versions up to 2.1.16 expose an unauthenticated ability to modify or lose documentation data due to a missing capability check in wedocs_user_documentation_handling_capabilities. An authenticated attacker with...

4.3CVSS5.5AI score0.00265EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/23 1:24 p.m.2 views

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

4.3CVSS5.4AI score0.00265EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/23 7:57 a.m.9 views

WordPress weDocs plugin <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update vulnerability

Missing Authorization to Authenticated Subscriber+ Documentation Post Update vulnerability discovered by blue0x1 in WordPress Plugin weDocs versions = 2.1.16...

4.3CVSS5.5AI score0.00265EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder