Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/18 3:41 a.m.29 views

CVE-2026-10023 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS0.0025EPSS
Exploits0References10
CVE
CVE
added 2026/06/18 3:41 a.m.30 views

CVE-2026-10023

Dok an: AI Powered WooCommerce Marketplace Solution

4.3CVSS5.7AI score0.0025EPSS
Exploits0References10
CVE
CVE
added 2026/05/02 1:26 p.m.14 views

CVE-2026-2554

The CVE concerns the WCFM – Frontend Manager for WooCommerce and Bookings Subscription Listings Compatible plugin for WordPress. It describes an Insecure Direct Object Reference vulnerability (CWE/impact not explicitly named in provided text) exposed via the wcfm_delete_wcfm_customer parameter, c...

8.1CVSS5.9AI score0.00328EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/03 11:16 p.m.4 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.25 - Insecure Direct Object References to Authenticated Vendor+ Arbitrary Post/Product Manipulation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/26 5:7 a.m.9 views

CVE-2025-5931 Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...

8.8CVSS0.00414EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2022/02/21 12:0 a.m.279 views

WordPress WP User Frontend 3.5.25 SQL Injection

Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...

8.8CVSS8.8AI score0.1712EPSS
Exploits6
Rows per page
Query Builder