Missing Authorization Vulnerability in weDocs Plugin for WordPress
CVE-2026-12729
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 3 July 2026
What is CVE-2026-12729?
The weDocs plugin for WordPress experiences a vulnerability due to insufficient authorization checks in the do_migration() function. The AJAX action wedocs_migrate_betterdocs_to_wedocs lacks nonce verification and capability checks, allowing authenticated users with Subscriber-level permissions or higher to initiate unauthorized data migrations. This exploitation can lead to the creation or modification of 'docs' custom post entries under attacker-controlled titles, changes to site options, and the potential deactivation of the BetterDocs and BetterDocs Pro plugins, posing significant operational threats to websites using this plugin.
Affected Version(s)
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot 0 <= 2.3.0