๐Ÿ” CVE Alert

CVE-2025-12505

MEDIUM 5.4

weDocs <= 2.1.14 - Missing Authorization to Settings Update

CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the create_item_permissions_check function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global plugin settings.

CWE CWE-285
Vendor wedevs
Product wedocs: ai powered knowledge base, docs, documentation, wiki & ai chatbot
Published Dec 6, 2025
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for wedevs wedocs: ai powered knowledge base, docs, documentation, wiki & ai chatbot

Be the first to know when new medium vulnerabilities affecting wedevs wedocs: ai powered knowledge base, docs, documentation, wiki & ai chatbot are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

wedevs / weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
0 โ‰ค 2.1.14

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/3ec54ec6-0ff1-4290-85d0-d691a1832627?source=cve github.com: https://github.com/weDevsOfficial/wedocs-plugin/blob/develop/includes/API/SettingsApi.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wedocs/tags/2.1.13/includes/API/SettingsApi.php#L115 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wedocs/tags/2.1.13/includes/API/SettingsApi.php#L179 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3403375%40wedocs%2Ftrunk&old=3382516%40wedocs%2Ftrunk&sfp_email=&sfph_mail=

Credits

Md. Moniruzzaman Prodhan