59 matches found
Dokan Pro <= 3.10.3 - SQL Injection
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...
CVE-2026-12224
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...
EUVD-2026-40928
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...
CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...
CVE-2026-12224
The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...
CVE-2026-56033
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-56033
CVE-2026-56033 affects the WordPress Dokan Pro plugin, versions
EUVD-2026-39696
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-56033 WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...
WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...
CVE-2026-12079
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-12077
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-12077 Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
EUVD-2026-39166
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-12077
CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...
CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2026-39165
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-12079
The CVE-2026-12079 entry concerns the Dokan Pro WordPress plugin. A time‑based SQL Injection exists via the 'orderby' parameter in all versions up to 5.0.4, caused by insufficient escaping of the user‑supplied value and inadequate SQL query preparation. Authenticated users with Subscriber‑level a...
PT-2026-52192
Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...