CVE-2025-12505

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the create_item_permissions_check function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global plugin settings.

More information : https://github.com/weDevsOfficial/wedocs-plugin/blob/develop/includes/API/SettingsApi.php