136 matches found
CVE-2024-3922 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin Dokan Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Dokan Pro plugin <= 3.10.3 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by villu164 in WordPress Plugin Dokan Pro versions <= 3.10.3...
WordPress Dokan Pro Plugin <= 3.10.3 is vulnerable to SQL Injection
Software: Dokan Pro; Type: Plugin; Vulnerable versions: <= 3.10.3; Fixed in: 3.11.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3922; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 26604a730056; Credits: villu164; Required privilege: Unauthenticated; Publishe...
CVE-2022-3194
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...
Cross-site scripting
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...
CVE-2022-3194
The CVE-2022-3194 entry concerns the Dokan WordPress plugin. Affected software: Dokan up to version 3.6.4. Vulnerability: vendors can inject arbitrary JavaScript into product reviews, enabling stored XSS attacks against other users, including site administrators. Root cause: injection via review ...
CVE-2022-3194 Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...
WordPress plugin Dokan security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...
CVE-2023-26525
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...
CVE-2023-26525 WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...
CVE-2023-26525
CVE-2023-26525 concerns the WordPress Dokan plugin (Best WooCommerce Multivendor Marketplace) with an SQL Injection vulnerability in versions up to and including 3.7.12. The underlying issue is improper neutralization of input in SQL commands, exploitable by an authenticated attacker with vendor ...
PT-2023-20701 · Wedevs · Wedevs Dokan
Name of the Vulnerable Software and Affected Versions: weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy versions n/a through 3.7.12 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also...
WordPress Plugin Dokan SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Dokan...
CVE-2023-34382
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...