Lucene search
K

59 matches found

Nuclei
Nuclei
added yesterday78 views

Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

10CVSS5.8AI score0.56209EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
NVD
NVD
added last week5 views

CVE-2026-56033

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-56033

CVE-2026-56033 affects the WordPress Dokan Pro plugin, versions

9.8CVSS5.8AI score0.00331EPSS
Exploits0References1
EUVD
EUVD
added last week4 views

EUVD-2026-39696

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-56033 WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS0.00331EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 8:9 a.m.6 views

WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

7.5CVSS6AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/25 8:4 a.m.6 views

WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

6.5CVSS6AI score0.00224EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 4:17 a.m.9 views

CVE-2026-12079

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.30 views

CVE-2026-12077 Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:42 a.m.5 views

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 3:42 a.m.14 views

CVE-2026-12077

CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.31 views

CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:42 a.m.5 views

EUVD-2026-39165

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 3:42 a.m.15 views

CVE-2026-12079

The CVE-2026-12079 entry concerns the Dokan Pro WordPress plugin. A time‑based SQL Injection exists via the 'orderby' parameter in all versions up to 5.0.4, caused by insufficient escaping of the user‑supplied value and inadequate SQL query preparation. Authenticated users with Subscriber‑level a...

6.5CVSS6AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52192

Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References6
Rows per page
Query Builder