Skip to main content

weDocs WordPress Plugin CVE-2026-12731

| EUVDEUVD-2026-41470 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-03 Wordfence GHSA-pr6j-r5mf-cj49
6.4
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Stored XSS requires a victim to visit the page (UI:R); contributor authentication required (PR:L); scope changes to victim browser (S:C).

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 03, 2026 - 01:57 vuln.today
CVE Published
Jul 03, 2026 - 01:28 cve.org
MEDIUM 6.4

DescriptionCVE.org

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AnalysisAI

Stored Cross-Site Scripting in the weDocs WordPress plugin (versions through 2.3.0) allows authenticated contributors to persist malicious JavaScript in documentation pages by injecting arbitrary values into the 'sectionTitleTag' and 'articleTitleTag' Gutenberg block attributes, which are rendered without sanitization or output escaping in Sidebar block render.php. Any WordPress user who subsequently visits an injected documentation page will execute the attacker's script in their browser context, enabling session hijacking, credential harvesting, or defacement. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain WordPress contributor credentials
Delivery
Authenticate and access block editor
Exploit
Inject script payload via sectionTitleTag or articleTitleTag attribute
Install
Save page to persist payload in database
C2
Victim browses injected documentation page
Execute
Stored XSS executes in victim browser
Impact
Harvest session token or perform authenticated actions

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated WordPress account with contributor-level privileges or higher (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 6.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) reflects the cross-site scope change inherent to stored XSS but warrants scrutiny: the UI:N metric is debatable for stored XSS, since a victim must passively visit the injected page for the payload to fire - a more precise rating would use UI:R, yielding approximately 5.4. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated WordPress user with contributor-level access creates or edits a weDocs documentation page and sets the 'sectionTitleTag' block attribute to a value containing a malicious script tag (e.g., injecting an XSS payload via the block editor's attribute input). The payload is stored in the post database without sanitization. …
Remediation An upstream fix is available via WordPress plugin repository changeset 3589430 (https://plugins.trac.wordpress.org/changeset?old=3589430%40wedocs&new=3589430%40wedocs), which addresses the missing sanitization and output escaping in render.php. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12731 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy