Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

CVE-2026-56033

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

CVE-2026-56033

CVE-2026-56033 affects the WordPress Dokan Pro plugin, versions

EUVD-2026-39696

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

CVE-2026-56033 WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-12079

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-12077

CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...

CVE-2026-12079

The CVE-2026-12079 entry concerns the Dokan Pro WordPress plugin. A time‑based SQL Injection exists via the 'orderby' parameter in all versions up to 5.0.4, caused by insufficient escaping of the user‑supplied value and inadequate SQL query preparation. Authenticated users with Subscriber‑level a...

CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2026-39165

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by VanTastic in WordPress Plugin Dokan Pro versions = 5.0.4...

CVE-2025-39497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497

CVE-2025-39497 is a Stored XSS in WordPress Dokan Pro plugin (

CVE-2025-39497 WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

EUVD-2026-0835

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...

CVE-2025-39497 WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5...