Stored Cross-Site Scripting Vulnerability in weDocs Plugin for WordPress
CVE-2026-12731

6.4 MEDIUM

What is CVE-2026-12731?

The weDocs plugin for WordPress, which is used to create knowledge bases and documentation, is vulnerable to Stored Cross-Site Scripting in all versions up to and including 2.3.0. The cause is insufficient input sanitization and output escaping of the 'sectionTitleTag' and 'articleTitleTag' block attributes. Authenticated users with contributor-level access or higher can inject scripts into pages, and those scripts execute whenever a user accesses an injected page.
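One way to handle a block attribute that is meant to hold a tag name, shown as an added example and not as weDocs code or its actual fix. The attribute name comes from the advisory; the function names, the allowlist contents, and the sample values are assumptions.

```php
<?php
// Added example: not weDocs code. Function and constant names are hypothetical.

// Tags a title may render as; anything else falls back to the default.
const ALLOWED_TITLE_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div', 'span'];

/**
 * Reduce a block attribute that should hold a tag name to an allowlisted value.
 */
function safe_title_tag($value, string $default = 'h2'): string
{
    if (!is_string($value)) {
        return $default;
    }
    $tag = strtolower(trim($value));
    return in_array($tag, ALLOWED_TITLE_TAGS, true) ? $tag : $default;
}

/**
 * Render a title: tag name taken from the allowlist, text escaped on output.
 * In WordPress the text would go through esc_html(); htmlspecialchars()
 * stands in here so the example runs without WordPress loaded.
 */
function render_title(array $attributes, string $key, string $title): string
{
    $tag  = safe_title_tag($attributes[$key] ?? null);
    $text = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<{$tag}>{$text}</{$tag}>";
}

// Constructed sample attributes, as they might arrive from saved block markup.
$samples = [
    ['sectionTitleTag' => 'h3'],            // expected value
    ['sectionTitleTag' => 'H4 '],           // case and whitespace variant
    ['sectionTitleTag' => 'h2 data-x="1"'], // extra characters after the tag name
    ['sectionTitleTag' => ['h2']],          // wrong type
    [],                                     // attribute missing
];

foreach ($samples as $attrs) {
    echo render_title($attrs, 'sectionTitleTag', 'Getting <started>'), PHP_EOL;
}
```

The allowlist is applied at render time, so values already stored in post content before an update are also reduced to a known tag.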

Affected Version(s)

weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot: versions 0 through 2.3.0 (inclusive)

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM