39 matches found
WordPress plugin weDocs has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-4355
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs user documentation handling capabilities' function in all versions up to, and including,...
CVE-2025-14574
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...
CVE-2025-14574
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...
CVE-2025-14574 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...
CVE-2025-14574 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...
CVE-2025-14574
The connected Wordfence entry confirms CVE-2025-14574 affecting the weDocs plugin for WordPress (versions up to 2.1.15) via an unauthenticated exposure at the REST endpoint /wp-json/wp/v2/docs/settings, enabling retrieval of sensitive data including third‑party API keys. The CVSS v3.1 base score ...
PT-2026-1746
Name of the Vulnerable Software and Affected Versions weDocs plugin for WordPress versions prior to 2.1.16 Description The weDocs plugin for WordPress is susceptible to sensitive information disclosure. Unauthenticated attackers can extract sensitive data, including API keys for third-party...
WordPress weDocs plugin <= 2.1.15 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin weDocs versions = 2.1.15...
CVE-2025-12505
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...
CVE-2025-12505
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...
CVE-2025-12505 weDocs <= 2.1.14 - Missing Authorization to Settings Update
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...
CVE-2025-12505 weDocs <= 2.1.14 - Missing Authorization to Settings Update
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...
PT-2025-49326
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the create item permissions check function. This makes it possible for authenticate...
WordPress plugin weDocs 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizati...
WordPress weDocs plugin <= 2.1.14 - Missing Authorization to Settings Update vulnerability
Missing Authorization to Settings Update vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin weDocs versions = 2.1.14...
WordPress plugin weDocs security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin weDocs versions = 2.1.4...
WordPress weDocs Plugin <= 2.1.4 is vulnerable to Broken Access Control
Software weDocs Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34442 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9f7c973edf5a Credits Peng Zhou Required privilege...