weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot < 2.1.16 – Unauthenticated Sensitive Information Exposure | CVE 2025-14574 | Plugin Vulnerabilities

Description

The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API keys.

Affects Plugins

Fixed in 2.1.16

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/cbca3d1e-0985-43d3-855e-eee07715f670

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

DityaRA

Verified

No

WPVDB ID

8683b341-266c-400d-b6f2-f8194dd2429d

Timeline

Publicly Published

2026-01-08 (about 4 months ago)

Added

2026-01-08 (about 4 months ago)

Last Updated

2026-01-09 (about 4 months ago)

Other

Published

Title

Published

2023-06-23

Title

MainWP Child < 4.4.1.2 - Sensitive File Disclosure

Published

2023-03-16

Title

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

Published

2026-05-19

Title

Slider Revolution < 7.0.10 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

Published

2020-08-10

Title

File Manager < 6.5 - Backup File Directory Listing

Published

2024-11-22

Title

Wp Maximum Upload File Size < 1.1.4 - Authenticated (Author+) Full Path Disclosure