weDocs: Insufficient Access Control Exposes Sensitive Content

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

weDocs: Insufficient Access Control Exposes Sensitive Content

CVE-2026-39520

Summary

WeDocs, a document management plugin, has a security issue that allows unauthorized users to access sensitive content. This means that users who shouldn't have access to certain documents might be able to view them if the access controls are not set up correctly. To fix this, update weDocs to the latest version to ensure that access controls are working as intended.

Original title

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.

Original description

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/wedocs/vulnerability/wordpress-...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026