2 matches found
CVE-2026-12224
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...
PT-2025-34740
Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 4.0.6 Description: The Dokan Pro plugin for WordPress is susceptible to privilege escalation via account takeover. The issue stems from insufficient user identity validation during staff password resets, allowing...