Lucene search
K

4 matches found

NVD
NVD
added 5 hours ago3 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS
Exploits0References2
CVE
CVE
added 6 hours ago5 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score
Exploits0References2
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS
Exploits0References2
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder