PT-2026-55440 · Wedevs · Wedocs: Ai Powered Knowledge Base

Prism · Published 2026-07-03 · Updated 2026-07-03 · CVE-2026-12729

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the do_migration() function registered as the wedocs_migrate_betterdocs_to_wedocs AJAX action, which performs no nonce verification via check_ajax_referer() and no capability check via current_user_can() before executing sensitive operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full BetterDocs-to-weDocs data migration, creating and modifying 'docs' custom post type entries with attacker-controlled titles, updating site options, and deactivating the BetterDocs and BetterDocs Pro plugins via deactivate_plugins().
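
To audit a plugin code base for this weakness class, the following added example (not code from weDocs or from this advisory) scans PHP source for `wp_ajax_` handler registrations and reports handlers whose bodies contain no nonce check or no `current_user_can()` call. The embedded PHP sample, its class and its action names are constructed for illustration, and the brace matching is deliberately simple.

```python
import re

# Constructed sample (not weDocs source): one unguarded handler, one guarded.
SAMPLE_PHP = r"""<?php
class Sample_Migrator {
    public function __construct() {
        add_action( 'wp_ajax_sample_migrate', [ $this, 'do_migration' ] );
        add_action( 'wp_ajax_sample_export', [ $this, 'do_export' ] );
    }
    public function do_migration() {
        wp_insert_post( [ 'post_type' => 'docs', 'post_title' => $_POST['title'] ] );
        deactivate_plugins( 'other/other.php' );
        wp_send_json_success();
    }
    public function do_export() {
        check_ajax_referer( 'sample_export', 'nonce' );
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_send_json_error( null, 403 );
        }
        wp_send_json_success();
    }
}
"""

# add_action( 'wp_ajax_<action>', [ $this, '<method>' ] ) or a plain function name.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(?:nopriv_)?(\w+)['\"]\s*,\s*"
    r"(?:\[\s*\$this\s*,\s*)?['\"](\w+)['\"]")
CHECKS = {
    "nonce": re.compile(r"\b(?:check_ajax_referer|wp_verify_nonce)\s*\("),
    "capability": re.compile(r"\bcurrent_user_can\s*\("),
}

def function_body(src, name):
    """Body of `function name(...)` by naive brace counting (strings not parsed)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Map each AJAX action to the checks its handler lacks (unresolved = all)."""
    findings = {}
    for action, method in HOOK_RE.findall(src):
        body = function_body(src, method) or ""
        missing = [k for k, rx in CHECKS.items() if not rx.search(body)]
        if missing:
            findings[action] = missing
    return findings
```

A finding is a prompt for manual review, since a handler may delegate its checks to a helper that this scan does not follow.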

Fix

Missing Authorization


Weakness Enumeration

Related identifiers

CVE-2026-12729

Affected products

Wedocs: Ai Powered Knowledge Base