VYPR

Dokan Lite

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-24359HigMar 25, 2026
    risk 0.57cvss 8.8epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.

  • CVE-2026-49780HigJun 15, 2026
    risk 0.50cvss 8.8epss 0.00

    Customer Privilege Escalation in Dokan <= 5.0.2 versions.

  • CVE-2025-14977HigJan 20, 2026
    risk 0.46cvss 8.1epss 0.00

    The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/settings` REST API endpoint due to…

  • CVE-2025-53425HigOct 22, 2025
    risk 0.40cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.3.

  • CVE-2026-3504MedMay 2, 2026
    risk 0.27cvss 5.3epss 0.00

    The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/{id}/reviews' REST API endpoint. This is due to the…