Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Network-accessible AJAX with subscriber auth (AV:N/PR:L); A:L added over provided score because deactivating installed plugins is a concrete availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the do_migration() function registered as the wedocs_migrate_betterdocs_to_wedocs AJAX action, which performs no nonce verification via check_ajax_referer() and no capability check via current_user_can() before executing sensitive operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full BetterDocs-to-weDocs data migration, creating and modifying 'docs' custom post type entries with attacker-controlled titles, updating site options, and deactivating the BetterDocs and BetterDocs Pro plugins via deactivate_plugins().
AnalysisAI
Missing authorization on the BetterDocs-to-weDocs migration AJAX endpoint in the weDocs WordPress plugin (versions up to and including 2.3.0) allows any authenticated subscriber-level user to trigger a full data migration, manipulate documentation content, alter site options, and forcibly deactivate installed BetterDocs and BetterDocs Pro plugins. The vulnerable do_migration() function registered under the wedocs_migrate_betterdocs_to_wedocs AJAX action performs neither a nonce check via check_ajax_referer() nor a privilege check via current_user_can(), exposing sensitive administrative operations to the lowest authenticated user tier. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold at minimum a Subscriber-level WordPress account on the target site - the lowest authenticated user role. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) correctly identifies network accessibility and low authentication requirements but arguably underweights the availability dimension: the ability to invoke `deactivate_plugins()` against installed plugins is an availability impact, not captured in the A:N metric. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free subscriber account on a target WordPress site running weDocs ≤2.3.0, then sends a crafted POST request to `wp-admin/admin-ajax.php` with `action=wedocs_migrate_betterdocs_to_wedocs` and attacker-controlled migration parameters. The unguarded `do_migration()` function executes, deactivating the BetterDocs and BetterDocs Pro plugins (disabling the competitor documentation system), creating or overwriting 'docs' custom post type entries with attacker-supplied titles, and modifying WordPress site options - all without any administrator interaction. |
| Remediation | Update the weDocs plugin to the version that includes SVN changeset 3589430 or later, which addresses the missing authorization on the migration AJAX action. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Stored Cross-Site Scripting in the weDocs WordPress plugin (versions through 2.3.0) allows authenticated contributors to
Stored Cross-Site Scripting in the weDocs WordPress plugin (all versions through 2.3.0) allows authenticated contributor
Missing authorization in weDevs weDocs WordPress plugin through version 2.1.18 allows unauthenticated remote attackers t
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41468
GHSA-8rwq-pvxh-vj87