VYPR

Dokan Pro

by WordPress

CVEs (4)

  • CVE-2024-3922 | Critical | Jun 13, 2024
    risk 0.62 | cvss 10.0 | epss 0.56

    The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…

  • CVE-2022-3915 | Critical | Dec 12, 2022
    risk 0.57 | cvss 9.8 | epss 0.01

    The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

  • CVE-2025-39497 | Medium | Jan 5, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS. This issue affects Dokan Pro: from n/a through 3.14.5.

  • CVE-2022-3194 | Medium | Jan 16, 2024
    risk 0.28 | cvss 5.4 | epss 0.00

    The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.