Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

CVE-2025-39497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497 WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

EUVD-2026-0835

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497 WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497

CVE-2025-39497 is a Stored XSS in WordPress Dokan Pro plugin (

PT-2026-1302

Name of the Vulnerable Software and Affected Versions Dokan Pro versions through 3.14.5 Description A flaw exists in Dokan Pro that allows for Stored Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. An attacker could potentially inject...

WordPress plugin Dokan Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

CVE-2025-12809

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

CVE-2025-12809

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

CVE-2025-12809

CVE-2025-12809 : Dokan Pro (WordPress plugin) suffers an unauthenticated access flaw on REST endpoint /dokan/v1/wholesale/register due to a missing authorization check, enabling user data enumeration (emails, usernames, display names, roles, registration dates). Wordfence reports this and notes t...

EUVD-2025-203498

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

WordPress dokan pro plugin <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Ahmed Rayen Ayari in WordPress Plugin Dokan Pro versions = 4.1.3...

WordPress plugin Dokan Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-51371

Name of the Vulnerable Software and Affected Versions Dokan Pro versions through 4.1.3 Description The Dokan Pro plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the /dokan/v1/wholesale/register API endpoint. An unauthenticated...

EUVD-2025-25808

Malicious code in bioql PyPI...

CVE-2025-5931

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...