Lucene search
K

7 matches found

CVE
CVE
added 2026/05/02 1:26 p.m.18 views

CVE-2026-3504

The CVE-2026-3504 entry concerns the Dokan: AI Powered WooCommerce Multivendor Marketplace Solution for WordPress. Affects all versions up to 4.3.1 via the REST endpoint /dokan/v1/stores/{id}/reviews. The root cause is that prepare_reviews_for_response includes reviewer email addresses, usernames...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/02 1:26 p.m.36 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.8 views

PT-2026-36618

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'prepare reviews for response' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

WordPress plugin Dokan: AI Powered WooCommerce Multivendor Marketplace Solution 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 12:0 a.m.5 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint vulnerability

Unauthenticated Information Disclosure in Store Reviews REST API Endpoint vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Dokan versions = 4.3.1...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/09 5:15 a.m.2 views

CVE-2024-13440

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssfwpusername’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.2CVSS5.8AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/09 12:0 a.m.4 views

PT-2025-6030 · WordPress · Super Store Finder

Name of the Vulnerable Software and Affected Versions: Super Store Finder plugin for WordPress versions up to, and including, 7.0 Description: The issue allows unauthenticated attackers to perform SQL Injection via the ssf wp user name parameter due to insufficient escaping on the user-supplied...

8.2CVSS9.6AI score0.00356EPSS
Exploits0References12
Rows per page
Query Builder