PT-2026-1746 · WordPress · Wedocs
German
·
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2025-14574
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
weDocs plugin for WordPress versions prior to 2.1.16
Description
The weDocs plugin for WordPress is susceptible to sensitive information disclosure. Unauthenticated attackers can extract sensitive data, including API keys for third-party services, through the
/wp-json/wp/v2/docs/settings API endpoint. The vulnerable parameter is not specified.Recommendations
Update the weDocs plugin to version 2.1.16 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wedocs