6 matches found
CVE-2025-12809
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...
EUVD-2025-203498
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...
CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...
CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...
CVE-2025-12809
CVE-2025-12809 : Dokan Pro (WordPress plugin) suffers an unauthenticated access flaw on REST endpoint /dokan/v1/wholesale/register due to a missing authorization check, enabling user data enumeration (emails, usernames, display names, roles, registration dates). Wordfence reports this and notes t...
PT-2025-51371
Name of the Vulnerable Software and Affected Versions Dokan Pro versions through 4.1.3 Description The Dokan Pro plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the /dokan/v1/wholesale/register API endpoint. An unauthenticated...