weDocs WordPress Plugin Missing Authorization Vulnerability Allows Unauthorized Post Edits
Vulnerability
The weDocs WordPress plugin, in versions up to and including 2.1.16, lacks a proper capability check. As a result, any authenticated user with Subscriber-level access or higher can modify any documentation post. The issue lies in the 'wedocs_user_documentation_handling_capabilities' function, which fails to enforce the necessary authorization. Although version 2.1.16 introduced a partial fix, the vulnerability persists in earlier versions.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in documentation posts, potentially allowing for the manipulation of information presented to users.
Remediation
Users can update to version 2.1.17 or a later patched version to address this vulnerability.
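To confirm the remediation across a site's plugin directory, the following added example (not code from this advisory or from the weDocs project) reads each plugin file's header the way WordPress does and flags weDocs copies older than 2.1.17. Matching on a Plugin Name header that contains "weDocs" and all function names are assumptions; the sample headers in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 1, 17)   # first patched release named in the advisory
HEADER_BYTES = 8192  # WordPress reads plugin headers from the first 8 KiB only

def header(text, field):
    """Return the value of a WordPress-style file header field, or None."""
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:[ \t]*(.+?)\s*$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def version_tuple(version):
    # "2.1.16" -> (2, 1, 16); a suffix such as "-beta" is ignored
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_wedocs(plugins_dir):
    """Return [(relative path, version, status)] for each weDocs copy found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        text = php.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
        name = header(text, "Plugin Name")
        if not name or "wedocs" not in name.lower():  # assumed name match
            continue
        version = header(text, "Version")
        if version is None:
            status = "unknown"  # no Version header: verify by hand
        elif version_tuple(version) < FIXED:
            status = "affected"
        else:
            status = "patched"
        findings.append((str(php.relative_to(plugins_dir)), version, status))
    return findings

def demo():
    # Constructed plugin headers, not copied from the real plugin files.
    samples = {"wedocs/wedocs.php": "2.1.16", "wedocs-new/wedocs.php": "2.1.17"}
    with tempfile.TemporaryDirectory() as root:
        for rel, ver in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True)
            path.write_text(f"<?php\n/**\n * Plugin Name: weDocs\n * Version: {ver}\n */\n")
        return audit_wedocs(root)

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Point audit_wedocs() at a site's wp-content/plugins directory; any row marked "affected" or "unknown" needs the update described above.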
