73 matches found
CVE-2026-57706 WordPress Dokan plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through = 5.0.6...
CVE-2026-57706
CVE-2026-57706 affects the WordPress Dokan Dokan-lite plugin (v
WordPress Dokan plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Dokan versions = 5.0.6...
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2026-11783
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...
CVE-2026-11783
The CVE concerns the Dokan: AI Powered WooCommerce Multivendor Marketplace Solution for WordPress. A Stored XSS flaw exists in all versions up to 5.0.4 due to insufficient input sanitization and output escaping of the Product SKU, enabling an authenticated attacker with custom-level access or hig...
CVE-2026-11987 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
EUVD-2026-39948
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...
PT-2026-53051
Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...
PT-2026-53052
Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description An Insecure Direct Object Reference exists due to missing validation on a user-controlled key. Authenticated attackers with subscriber-level...
CVE-2026-10023
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...
EUVD-2026-37835
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...
CVE-2026-10023
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...
CVE-2026-10023
Dok an: AI Powered WooCommerce Marketplace Solution
WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability
Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Order Modification vulnerability discovered by Kirasec in WordPress Plugin Dokan versions = 5.0.3...
CVE-2026-49780 WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability
Customer Privilege Escalation in Dokan = 5.0.2 versions...
CVE-2026-49780
Technical details are not publicly available in the provided documents. Monitor for updates.
WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Dokan versions = 5.0.2...