CVE-2026-12729
Status: Received - Intake

Missing Authorization in weDocs WordPress Plugin

Vulnerability report for CVE-2026-12729, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-03

Last updated on: 2026-07-03

Assigner: Wordfence

Description

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the do_migration() function registered as the wedocs_migrate_betterdocs_to_wedocs AJAX action, which performs no nonce verification via check_ajax_referer() and no capability check via current_user_can() before executing sensitive operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full BetterDocs-to-weDocs data migration, creating and modifying 'docs' custom post type entries with attacker-controlled titles, updating site options, and deactivating the BetterDocs and BetterDocs Pro plugins via deactivate_plugins().

Meta Information

Published: 2026-07-03
Last modified: 2026-07-03
Page generated: 2026-07-03
EPSS evaluated: N/A (no EPSS score available at the time this page was generated)
External entries: NVD, EUVD

Affected Vendors & Products

One associated CPE:

Vendor   Product   Version / Range
wedocs   wedocs    up to and including 2.3.0

Exploitability

CWE ID   Description
CWE-862  Missing Authorization: the product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Mitigation Strategies

Update the weDocs plugin to a release later than 2.3.0. This page does not name the patched version, so confirm in the plugin changelog that the release you install adds the capability and nonce checks to the migration handler.

If you cannot update immediately, block the wedocs_migrate_betterdocs_to_wedocs AJAX action for everyone who is not an administrator. Because WordPress runs wp_ajax_* handlers for any logged-in user, the handler itself has to enforce two things: a nonce via check_ajax_referer(), which also stops a logged-in administrator from being driven through the action by a cross-site request, and a capability via current_user_can() that matches what the migration actually does (writing options and deactivating plugins, so at least manage_options or activate_plugins, not merely "logged in"). A must-use plugin hooked on the same action at an early priority can enforce the capability check before the plugin's own do_migration() callback runs.
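The following is an added illustration of the pattern the description and the mitigation above refer to, placed beside its hardened form; it is not weDocs source code. Only the AJAX action name and the WordPress functions named on this page (check_ajax_referer(), current_user_can(), deactivate_plugins()) come from the advisory; every function name, the nonce action, the option name, the request parameter and the BetterDocs plugin basenames are assumptions chosen for the example.

```php
<?php
/**
 * Added example, not the plugin's code. Names marked "assumed" are not from
 * the advisory. Requires the WordPress runtime (wp_ajax_* hooks, admin-ajax.php).
 */

/* --- The pattern the advisory describes (vulnerable; shown, not registered) ---
 * wp_ajax_* callbacks run for any authenticated user. With no nonce check and
 * no capability check, a Subscriber can POST
 *   action=wedocs_migrate_betterdocs_to_wedocs
 * to /wp-admin/admin-ajax.php and the full migration executes.
 */
function example_do_migration_unsafe() {          // assumed name
    example_run_migration( $_POST );
    wp_send_json_success();
}

/* --- Hardened form of the same handler --- */
add_action( 'wp_ajax_wedocs_migrate_betterdocs_to_wedocs', 'example_do_migration_safe' );

function example_do_migration_safe() {            // assumed name
    // Nonce first. Fails closed (dies with HTTP 403) when the 'nonce' field is
    // missing or was not minted for this action, which also blocks CSRF.
    check_ajax_referer( 'example_wedocs_migration', 'nonce' );   // assumed nonce action

    // Capability matched to the side effects: the migration writes options and
    // deactivates plugins, so being logged in is not sufficient.
    if ( ! current_user_can( 'manage_options' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    example_run_migration( $_POST );
    wp_send_json_success();
}

/* Migration body with the shape the advisory lists: creates 'docs' posts,
 * updates an option, deactivates BetterDocs. Parameter and option names assumed. */
function example_run_migration( array $request ) {
    $titles = isset( $request['titles'] ) ? (array) $request['titles'] : array();
    foreach ( $titles as $title ) {
        wp_insert_post( array(
            'post_type'   => 'docs',
            'post_title'  => sanitize_text_field( wp_unslash( $title ) ),
            'post_status' => 'publish',
        ) );
    }
    update_option( 'example_wedocs_migrated_from_betterdocs', time() );   // assumed option
    deactivate_plugins( array(                                            // assumed basenames
        'betterdocs/betterdocs.php',
        'betterdocs-pro/betterdocs-pro.php',
    ) );
}

/* The admin screen that offers the migration must mint the nonce the handler
 * verifies; wp_localize_script() hands it to the JS that calls admin-ajax.php.
 * 'example-wedocs-admin' is an assumed script handle registered elsewhere. */
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-wedocs-admin', 'exampleWedocs', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_wedocs_migration' ),
    ) );
} );

/* Interim guard for a site that cannot update yet: save as a file in
 * wp-content/mu-plugins/. Priority 0 runs before the plugin's own callback
 * (WordPress default priority is 10), so the request dies before do_migration(). */
add_action( 'wp_ajax_wedocs_migrate_betterdocs_to_wedocs', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }
}, 0 );
```

The nonce and the capability check are independent controls: the nonce proves the request originated from a form or script this site served to this user, the capability proves the user is allowed to do what the handler does. Dropping either one reopens a distinct attack path, so the interim mu-plugin guard above only closes the privilege gap the advisory describes and is not a substitute for the patched release.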

Whether or not you have updated, review recent activity for the side effects the advisory lists: 'docs' posts created or retitled by accounts that should not be writing documentation, unexpected changes to site options, and deactivation of the BetterDocs or BetterDocs Pro plugins. Requests to /wp-admin/admin-ajax.php carrying action=wedocs_migrate_betterdocs_to_wedocs from non-administrator accounts are the direct indicator; note that the action name is normally sent in the POST body, so web-server access logs alone will not show it and application-level logging is needed.
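As an added example of that application-level logging (not something the advisory or the plugin provides), the must-use plugin below records the three side effects named above together with the acting user and the AJAX action in flight. The hook names are standard WordPress hooks; the log prefix, the function name and the choice of error_log() as the sink are assumptions.

```php
<?php
/**
 * Added example, not part of the advisory. Save in wp-content/mu-plugins/.
 * Writes one JSON line per event to the PHP error log (with WP_DEBUG_LOG this
 * is wp-content/debug.log); point it at your SIEM collector if you have one.
 */

function example_wedocs_audit( $event, array $details ) {   // assumed name
    $user  = wp_get_current_user();
    $entry = array_merge( array(
        'event'    => $event,
        'user'     => $user->exists() ? $user->user_login : '(none)',
        'user_id'  => $user->ID,
        'is_admin' => current_user_can( 'manage_options' ) ? 1 : 0,
        'ajax'     => wp_doing_ajax() ? ( $_REQUEST['action'] ?? '' ) : '',
        'ip'       => $_SERVER['REMOTE_ADDR'] ?? '',
    ), $details );
    error_log( 'wedocs-audit ' . wp_json_encode( $entry ) );
}

// 'docs' custom post type created or modified (save_post_{$post_type}).
add_action( 'save_post_docs', function ( $post_id, $post, $update ) {
    example_wedocs_audit( $update ? 'docs_updated' : 'docs_created', array(
        'post_id' => $post_id,
        'title'   => $post->post_title,
    ) );
}, 10, 3 );

// Option writes. Every write during the migration action is recorded; outside
// it, only writes by a logged-in user who lacks manage_options, which is the
// anomaly this advisory produces. Transients are skipped to keep noise down.
add_action( 'updated_option', function ( $option, $old, $new ) {
    if ( 0 === strpos( $option, '_transient_' ) || 0 === strpos( $option, '_site_transient_' ) ) {
        return;
    }
    $in_migration = wp_doing_ajax()
        && ( $_REQUEST['action'] ?? '' ) === 'wedocs_migrate_betterdocs_to_wedocs';
    $low_priv     = is_user_logged_in() && ! current_user_can( 'manage_options' );
    if ( $in_migration || $low_priv ) {
        example_wedocs_audit( 'option_updated', array( 'option' => $option ) );
    }
}, 10, 3 );

// Plugin deactivations; the advisory names BetterDocs and BetterDocs Pro.
add_action( 'deactivated_plugin', function ( $plugin, $network_wide ) {
    example_wedocs_audit( 'plugin_deactivated', array(
        'plugin'       => $plugin,
        'network_wide' => $network_wide ? 1 : 0,
    ) );
}, 10, 2 );
```

A successful exploitation attempt shows up as a burst of docs_created entries, option_updated entries and two plugin_deactivated entries, all carrying ajax=wedocs_migrate_betterdocs_to_wedocs and is_admin=0 for a single low-privileged user_id; the same burst with is_admin=1 and no AJAX action is an administrator running the migration normally.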

Executive Summary

The vulnerability exists in the weDocs WordPress plugin (versions up to and including 2.3.0) due to a missing authorization check in the do_migration() function. This function is registered as an AJAX action but does not verify user capabilities or perform nonce verification before executing sensitive operations.

As a result, authenticated users with Subscriber-level access or higher can trigger a full data migration from BetterDocs to weDocs. This allows them to create and modify documentation entries with attacker-controlled titles, update site options, and deactivate the BetterDocs and BetterDocs Pro plugins.

Impact Analysis

This vulnerability lets any authenticated user, down to the Subscriber role, perform actions on the site that should be reserved for administrators:

  • Create and modify 'docs' custom post type entries with attacker-controlled titles, polluting the published knowledge base.
  • Update site options, changing site behaviour or configuration.
  • Deactivate the BetterDocs and BetterDocs Pro plugins via deactivate_plugins(), disrupting any documentation those plugins serve.

Because the handler also skips nonce verification, an attacker who can get a logged-in user to load a page that submits the request does not need an account of their own.
