WordPress Plugin Vulnerabilities

weDocs < 2.1.5 - Missing Authorization

Description

The weDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_helpfullness REST API endpoint in versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to update settings.

Affects Plugins

Plugin icon
wedocs
Fixed in 2.1.5

References

CVE
CVE-2024-34442
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/dd77f939-cd1c-4624-9a0c-d8f89a8e5221

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Peng Zhou
Verified
No
WPVDB ID
50280aa6-342a-4eb0-b550-8c9621c7b184

Timeline

Publicly Published
2024-05-07 (about 2 years ago)
Added
2024-05-16 (about 2 years ago)
Last Updated
2024-05-16 (about 2 years ago)

Other

Published
Title
Published
2026-03-20
Title
Expire Users <= 1.2.2 - Subscriber+ Privilege Escalation
Published
2026-05-12
Title
RTMKit Addons for Elementor < 2.0.3 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification
Published
2026-02-16
Title
Calculated Fields Form < 5.4.4.2 - Missing Authorization
Published
2024-04-15
Title
WP Cost Estimation & Payment Forms Builder < 10.1.77 - Missing Authorization
Published
2025-12-15
Title
Photo Block < 1.6.0 - Missing Authorization