
5 matches found

NVD
added 7 hours ago, 4 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the update_capabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8 CVSS
Exploits: 0, References: 2
Cvelist
added 9 hours ago, 7 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the update_capabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8 CVSS
Exploits: 0, References: 2
CVE
added 9 hours ago, 5 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8 CVSS, 5.7 AI score
Exploits: 0, References: 2
EUVD
added 9 hours ago, 4 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the update_capabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8 CVSS, 5.7 AI score
Exploits: 0, References: 2
BDU FSTEC
added 2021/08/03 12:0 a.m., 2 views

The vulnerability of the updateCapabilities function (ConnectivityService.java) in the Android operating system, related to a lack of implementation for thread management, allows a perpetrator to access confidential information.

The vulnerability of the updateCapabilities function in ConnectivityService.java on the Android operating system is related to a lack of implementation for thread management. Exploiting this vulnerability could allow an attacker who operates remotely to gain access to confidential information...

7.8 CVSS, 7.2 AI score, 0.00802 EPSS
Exploits: 0, References: 4, Affected Software: 1