Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.5 views

CVE-2025-12809

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

5.3CVSS5.2AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 5:25 a.m.6 views

EUVD-2025-203498

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

5.3CVSS4.7AI score0.00205EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/16 5:25 a.m.4 views

CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

5.3CVSS4.8AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 5:25 a.m.33 views

CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

5.3CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2025/12/16 5:25 a.m.22 views

CVE-2025-12809

CVE-2025-12809 : Dokan Pro (WordPress plugin) suffers an unauthenticated access flaw on REST endpoint /dokan/v1/wholesale/register due to a missing authorization check, enabling user data enumeration (emails, usernames, display names, roles, registration dates). Wordfence reports this and notes t...

5.3CVSS4.8AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.10 views

PT-2025-51371

Name of the Vulnerable Software and Affected Versions Dokan Pro versions through 4.1.3 Description The Dokan Pro plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the /dokan/v1/wholesale/register API endpoint. An unauthenticated...

5.3CVSS6.2AI score0.00205EPSS
Exploits0References4
Rows per page
Query Builder