PT-2026-55440 · Wedevs · Wedocs: Ai Powered Knowledge Base
Prism · Published 2026-07-03 · Updated 2026-07-03 · CVE-2026-12729
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the `do_migration()` function registered as the `wedocs_migrate_betterdocs_to_wedocs` AJAX action, which performs no nonce verification via `check_ajax_referer()` and no capability check via `current_user_can()` before executing sensitive operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full BetterDocs-to-weDocs data migration, creating and modifying 'docs' custom post type entries with attacker-controlled titles, updating site options, and deactivating the BetterDocs and BetterDocs Pro plugins via `deactivate_plugins()`.
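The two checks the description says are missing, shown in a hardened handler. This is an added example, not weDocs source code or the vendor's patch; the class name, nonce action name, script handle, capability choice and the placeholder `run_migration()` are assumptions, and only the AJAX action name comes from the advisory.

```php
<?php
// Hypothetical hardened handler (added example, not weDocs source code).
// Assumed: class name, nonce action name, script handle, capability choice.
class Example_Migration {
    const AJAX_ACTION  = 'wedocs_migrate_betterdocs_to_wedocs'; // from the advisory
    const NONCE_ACTION = 'example_migrate_nonce';               // assumed name

    public function register() {
        // wp_ajax_{action} fires for every logged-in user, Subscribers
        // included, so the callback has to authorize the caller itself.
        add_action( 'wp_ajax_' . self::AJAX_ACTION, array( $this, 'do_migration' ) );
        add_action( 'admin_enqueue_scripts', array( $this, 'expose_nonce' ) );
    }

    private function caller_is_authorized() {
        // The operation updates options and deactivates plugins: require both.
        return current_user_can( 'manage_options' ) && current_user_can( 'activate_plugins' );
    }

    public function expose_nonce() {
        if ( ! $this->caller_is_authorized() ) {
            return; // never hand the nonce to low-privilege users
        }
        wp_register_script( 'example-migrate', false, array(), false, true );
        wp_enqueue_script( 'example-migrate' );
        wp_localize_script( 'example-migrate', 'exampleMigrate', array(
            'nonce' => wp_create_nonce( self::NONCE_ACTION ),
        ) );
    }

    public function do_migration() {
        // CSRF check; $die = false so the handler controls the response.
        if ( ! check_ajax_referer( self::NONCE_ACTION, 'nonce', false ) ) {
            wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
        }
        // Authorization check; a valid nonce alone does not prove privilege.
        if ( ! $this->caller_is_authorized() ) {
            wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
        }
        // Only past both gates may posts, options and plugins be touched.
        wp_send_json_success( $this->run_migration() );
    }

    private function run_migration() {
        // Migration body is not shown in the advisory; placeholder result.
        return array( 'migrated_docs' => 0 );
    }
}
( new Example_Migration() )->register();
```

When auditing other plugins for the same weakness, look for `wp_ajax_` callbacks that reach `update_option()`, `wp_insert_post()` or `deactivate_plugins()` without a preceding `current_user_can()` call.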
Fix
Missing Authorization
Weakness Enumeration
Related identifiers
Affected products
Wedocs: Ai Powered Knowledge Base