Stored Cross-Site Scripting Vulnerability in weDocs Plugin for WordPress
CVE-2026-12731
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 3 July 2026
What is CVE-2026-12731?
The weDocs plugin for WordPress, which is designed for creating a knowledge base and documentation, is susceptible to a Stored Cross-Site Scripting vulnerability affecting all versions up to and including 2.3.0. The vulnerability is introduced through inadequate input sanitization and output escaping specifically in the 'sectionTitleTag' and 'articleTitleTag' Block Attributes. This flaw permits authenticated users with contributor-level access or higher to inject malicious scripts into web pages, which can be executed when unsuspecting users access those compromised pages.
Affected Version(s)
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot 0 <= 2.3.0