Dokan

Dokan

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-10023

  • EPSS 0.25%
  • Veröffentlicht 18.06.2026 03:41:38
  • Zuletzt bearbeitet 18.06.2026 03:41:38

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the change_order_status, add...

8.8

CVE-2026-49780

  • EPSS 0.28%
  • Veröffentlicht 15.06.2026 20:19:28
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

5.3

CVE-2026-3504

  • EPSS 0.26%
  • Veröffentlicht 02.05.2026 13:26:09
  • Zuletzt bearbeitet 05.05.2026 19:15:06

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/{id}/reviews' REST API endpoint. This is due...

8.8

CVE-2026-24359

  • EPSS 0.52%
  • Veröffentlicht 25.03.2026 16:14:31
  • Zuletzt bearbeitet 24.04.2026 16:32:53

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.

8.1

CVE-2025-14977

  • EPSS 0.27%
  • Veröffentlicht 20.01.2026 04:35:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/settings`...

7.2

CVE-2025-53425

  • EPSS 0.39%
  • Veröffentlicht 22.10.2025 14:32:33
  • Zuletzt bearbeitet 27.04.2026 18:16:21

Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.3.

9.8

CVE-2024-3922

  • EPSS 56.21%
  • Veröffentlicht 13.06.2024 02:15:08
  • Zuletzt bearbeitet 08.04.2026 19:21:29

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

5.4

CVE-2022-3194

Exploit
  • EPSS 0.49%
  • Veröffentlicht 16.01.2024 16:15:09
  • Zuletzt bearbeitet 24.02.2026 20:58:39

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.

8.1

CVE-2023-26525

  • EPSS 0.57%
  • Veröffentlicht 20.12.2023 18:15:11
  • Zuletzt bearbeitet 28.04.2026 19:19:57

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Mul...

8.8

CVE-2023-34382

  • EPSS 0.54%
  • Veröffentlicht 19.12.2023 20:15:07
  • Zuletzt bearbeitet 28.04.2026 19:20:45

Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amaz...