CVE-2025-13921
📋 TL;DR
The weDocs WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher to edit any documentation post. This affects all versions up to and including 2.1.16, potentially leading to unauthorized data modification or loss. The vulnerability was partially addressed in version 2.1.16 but requires further action.
💻 Affected Systems
- weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete or maliciously modify all documentation content, causing data loss, misinformation, or defacement of the knowledge base.
Likely Case
Low-privilege users could accidentally or intentionally edit documentation they shouldn't have access to, leading to data integrity issues.
If Mitigated
With proper access controls and monitoring, unauthorized edits would be detected and rolled back with minimal impact.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.16 (partial fix), check for newer versions
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3440068/
Restart Required: No
Instructions:
1. Update the weDocs plugin to the latest version via the WordPress admin panel.
2. Verify that the installed version is later than 2.1.16.
3. Test that Subscriber users cannot edit documentation posts.
🔧 Temporary Workarounds
Remove Subscriber edit capabilities
Temporarily remove documentation editing capabilities from the Subscriber role using WordPress role management (wp role reset restores the role's WordPress default capabilities, dropping any that were added after installation).
wp role reset subscriber --allow-root
Disable weDocs plugin
Temporarily disable the weDocs plugin until it is patched.
wp plugin deactivate wedocs --allow-root
🧯 If You Can't Patch
- Implement strict access controls and monitor documentation edit logs for unauthorized activity.
- Regularly backup documentation content and implement change approval workflows.
🔍 How to Verify
Check if Vulnerable:
Check the weDocs plugin version in the WordPress admin panel. If the version is 2.1.16 or earlier, the system is vulnerable.
Check Version:
wp plugin get wedocs --field=version --allow-root
Verify Fix Applied:
After updating, test with a Subscriber account that documentation editing is properly restricted.
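The fix steps and the verification steps above both reduce to the same checks: is the installed version inside the affected range, and what does the Subscriber role hold once the role-reset workaround has been applied. The script below is an added example, not code from the advisory or the weDocs project. It compares versions component by component (a plain string comparison would rank 2.10.0 below 2.1.16), wraps the advisory's wp-cli version command, and lists the Subscriber role's capabilities with wp cap list; the affected range 2.1.16 and the wp-cli commands come from the advisory, while the script name and the --installed/--caps switches are assumptions.

```shell
#!/bin/sh
# Added example (not part of the advisory or the weDocs project): decide whether an
# installed weDocs version falls in the affected range and, where wp-cli is present,
# read the version and the Subscriber role's capabilities the way the advisory does.

# From the advisory: all versions up to and including 2.1.16 are affected.
LAST_VULNERABLE_VERSION="2.1.16"

# Compare two dotted version strings component by component as integers.
# Prints -1, 0 or 1 for a < b, a = b, a > b. Components are compared numerically,
# so 2.10.0 ranks above 2.1.16; a missing component counts as 0.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax="${a%%.*}"; bx="${b%%.*}"
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    # keep only the leading digits, so "16-beta1" compares as 16
    ax="${ax%%[!0-9]*}"; bx="${bx%%[!0-9]*}"
    ax="${ax:-0}"; bx="${bx:-0}"
    if [ "$ax" -lt "$bx" ]; then echo -1; return 0; fi
    if [ "$ax" -gt "$bx" ]; then echo 1; return 0; fi
  done
  echo 0
}

# Returns 0 (true) when the given version is in the affected range (<= 2.1.16).
wedocs_is_vulnerable() {
  [ "$(vercmp "$1" "$LAST_VULNERABLE_VERSION")" -le 0 ]
}

# Read the installed version with the advisory's wp-cli command and report.
# Exit status: 0 vulnerable, 1 outside the known range, 2 could not determine.
check_installed_wedocs() {
  if ! command -v wp >/dev/null 2>&1; then
    echo "wp-cli not found; run this on the WordPress host or pass a version explicitly" >&2
    return 2
  fi
  installed=$(wp plugin get wedocs --field=version --allow-root) || return 2
  if wedocs_is_vulnerable "$installed"; then
    echo "weDocs $installed is in the affected range (<= $LAST_VULNERABLE_VERSION): update, then re-test"
    return 0
  fi
  echo "weDocs $installed is outside the known-affected range"
  return 1
}

# List the Subscriber role's capabilities, e.g. before and after the advisory's
# 'wp role reset subscriber' workaround. This is only a proxy: a missing capability
# check sits in the plugin's own handler, so the advisory's final step, an edit
# attempt from a Subscriber account, is still required to confirm the fix.
subscriber_capabilities() {
  wp cap list subscriber --allow-root
}

# Usage (script name assumed):
#   sh wedocs_check.sh 2.1.14      -> classify a version string
#   sh wedocs_check.sh --installed -> query wp-cli on the WordPress host
#   sh wedocs_check.sh --caps      -> dump the Subscriber role's capabilities
case "${1:-}" in
  "") ;;   # no arguments: only define the functions (e.g. when sourced)
  --installed) check_installed_wedocs ;;
  --caps) subscriber_capabilities ;;
  *) if wedocs_is_vulnerable "$1"; then echo "$1: in affected range"; else echo "$1: outside affected range"; fi ;;
esac
```

The version comparison is kept separate from the wp-cli calls so it can be run anywhere (for instance against a version read from a plugin inventory), while --installed and --caps only work on the WordPress host with wp-cli available.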
📡 Detection & Monitoring
Log Indicators:
- Unusual documentation edits from low-privilege users
- Multiple edit attempts from Subscriber accounts
Network Indicators:
- POST requests to wp-admin/admin-ajax.php with wedocs-related actions from unauthorized users
SIEM Query:
source="wordpress" action="edit_post" user_role="subscriber" plugin="wedocs"
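The log indicators above ("unusual documentation edits from low-privilege users", "multiple edit attempts from Subscriber accounts") and the SIEM query can be checked outside a SIEM as well. The script below is an added example, not from the advisory: it assumes an audit-log plugin or SIEM forwarder writes one key="value" record per edit carrying the fields of the advisory's query (source, action, user_role, plugin) plus a user field, with no spaces inside values, and it aggregates weDocs edit_post records per Subscriber account against a threshold. The sample records are constructed for the example, and the field names beyond those in the advisory's query are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): aggregate weDocs documentation edits made by
# Subscriber accounts from a key="value" audit log. Assumes one record per edit with
# the fields used in the advisory's SIEM query plus a user field; values hold no spaces.

# Constructed sample records (not real log data).
SAMPLE_LOG='source="wordpress" action="edit_post" user_role="subscriber" plugin="wedocs" user="alice" post_id="12"
source="wordpress" action="edit_post" user_role="subscriber" plugin="wedocs" user="alice" post_id="13"
source="wordpress" action="edit_post" user_role="editor" plugin="wedocs" user="bob" post_id="14"
source="wordpress" action="edit_post" user_role="subscriber" plugin="wedocs" user="carol" post_id="15"
source="wordpress" action="view_post" user_role="subscriber" plugin="wedocs" user="dave" post_id="16"'

# Read records on stdin; print "user count" for every Subscriber account with at
# least THRESHOLD weDocs edit_post records (default 2, matching the advisory's
# "multiple edit attempts" indicator). Output is sorted by user name.
flag_subscriber_edits() {
  thr="${1:-2}"
  awk -v thr="$thr" '
    {
      split("", kv)                      # reset the key/value map for this record
      for (i = 1; i <= NF; i++) {
        eq = index($i, "=")
        if (eq == 0) continue            # not a key=value token, skip it
        k = substr($i, 1, eq - 1)
        v = substr($i, eq + 1)
        gsub(/^"|"$/, "", v)             # strip the surrounding quotes
        kv[k] = v
      }
      # the same predicate as the advisory SIEM query, counted per user
      if (kv["source"] == "wordpress" && kv["plugin"] == "wedocs" &&
          kv["action"] == "edit_post" && kv["user_role"] == "subscriber")
        hits[kv["user"]]++
    }
    END { for (u in hits) if (hits[u] >= thr) printf "%s %d\n", u, hits[u] }
  ' | sort
}

# Usage (script name assumed):
#   sh detect_wedocs_edits.sh --demo            -> run against the constructed sample
#   . ./detect_wedocs_edits.sh; flag_subscriber_edits 1 < audit.log
case "${1:-}" in
  --demo) printf '%s\n' "$SAMPLE_LOG" | flag_subscriber_edits 2 ;;   # prints: alice 2
  *) ;;   # no arguments: define the function only
esac
```

A threshold of 1 turns the aggregation into the plain SIEM query (every Subscriber edit is listed); a higher threshold isolates the repeated-attempt pattern. Editor and non-edit actions are excluded by the predicate, so a single Subscriber edit still surfaces at threshold 1 for the "unusual edit" indicator.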
🔗 References
- https://plugins.trac.wordpress.org/browser/wedocs/tags/2.1.14/includes/Installer.php#L21
- https://plugins.trac.wordpress.org/browser/wedocs/tags/2.1.14/includes/functions.php#L506
- https://plugins.trac.wordpress.org/changeset/3426704/
- https://plugins.trac.wordpress.org/changeset/3440068/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c56234f3-7dd6-4dff-887d-5ddbf0cb7d3c?source=cve