Lucene search
K

183 matches found

Nuclei
Nuclei
added 14 hours ago144 views

Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

10CVSS6.1AI score0.56209EPSS
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-57706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through = 5.0.6...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57706 WordPress Dokan plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through = 5.0.6...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-57706

CVE-2026-57706 affects the WordPress Dokan Dokan-lite plugin (v

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Dokan plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Dokan versions = 5.0.6...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/01 8:16 a.m.8 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 6:51 a.m.8 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 6:51 a.m.38 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:51 a.m.21 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/27 8:16 a.m.16 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
NVD
NVD
added 2026/06/27 8:16 a.m.9 views

CVE-2026-11783

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.0022EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/27 6:50 a.m.10 views

EUVD-2026-39950

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 2026/06/27 6:50 a.m.16 views

CVE-2026-11783

The CVE concerns the Dokan: AI Powered WooCommerce Multivendor Marketplace Solution for WordPress. A Stored XSS flaw exists in all versions up to 5.0.4 due to insufficient input sanitization and output escaping of the Product SKU, enabling an authenticated attacker with custom-level access or hig...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 2026/06/27 6:50 a.m.20 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.41 views

CVE-2026-11987 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.8 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39948

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.19 views

PT-2026-53052

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description An Insecure Direct Object Reference exists due to missing validation on a user-controlled key. Authenticated attackers with subscriber-level...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References20
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56033

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS0.00331EPSS
Exploits0References1
Rows per page
Query Builder