Dokan Pro
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3922 | Cri | 0.62 | 10.0 | 0.56 | Jun 13, 2024 | The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it… | ||
| CVE-2022-3915 | Cri | 0.57 | 9.8 | 0.01 | Dec 12, 2022 | The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | ||
| CVE-2025-39497 | Med | 0.35 | 6.5 | 0.00 | Jan 5, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5. | ||
| CVE-2022-3194 | Med | 0.28 | 5.4 | 0.00 | Jan 16, 2024 | The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. |
- risk 0.62cvss 10.0epss 0.56
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…
- risk 0.57cvss 9.8epss 0.01
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
- risk 0.35cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5.
- risk 0.28cvss 5.4epss 0.00
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.