Dokan

Source repositories

https://github.com/getdokan/dokan

CVEs (9)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-3922	Dokan Dokan	Cri	0.65	10.0	0.56	Jun 13, 2024	The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…
CVE-2026-49780	WordPress Dokan	Hig	0.50	8.8	—	Jun 15, 2026	Customer Privilege Escalation in Dokan <= 5.0.2 versions.
CVE-2025-5931	Dokan Dokan	Hig	0.50	8.8	0.00	Aug 26, 2025	The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This…
CVE-2023-26525	Dokan Dokan	Hig	0.39	7.1	0.01	Dec 20, 2023	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace…
CVE-2025-12809	Dokan Dokan	Med	0.27	5.3	0.00	Dec 16, 2025	The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to…
CVE-2023-34382	Dokan Dokan	Med	0.22	4.4	0.01	Dec 19, 2023	Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from…
CVE-2020-36748	Dokan Dokan	Med	0.21	4.3	0.00	Jul 1, 2023	The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an…
CVE-2022-3194	WordPress Dokan		0.00	—	0.00	Jan 16, 2024	The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
CVE-2022-3915	WordPress Dokan		0.00	—	0.01	Dec 12, 2022	The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

CVE-2024-3922CriJun 13, 2024
Dokan
Dokan
risk 0.65cvss 10.0epss 0.56
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…
CVE-2026-49780HigJun 15, 2026
WordPress
Dokan
risk 0.50cvss 8.8epss —
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
CVE-2025-5931HigAug 26, 2025
Dokan
Dokan
risk 0.50cvss 8.8epss 0.00
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This…
CVE-2023-26525HigDec 20, 2023
Dokan
Dokan
risk 0.39cvss 7.1epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace…
CVE-2025-12809MedDec 16, 2025
Dokan
Dokan
risk 0.27cvss 5.3epss 0.00
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to…
CVE-2023-34382MedDec 19, 2023
Dokan
Dokan
risk 0.22cvss 4.4epss 0.01
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from…
CVE-2020-36748MedJul 1, 2023
Dokan
Dokan
risk 0.21cvss 4.3epss 0.00
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an…
CVE-2022-3194Jan 16, 2024
WordPress
Dokan
risk 0.00cvss —epss 0.00
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
CVE-2022-3915Dec 12, 2022
WordPress
Dokan
risk 0.00cvss —epss 0.01
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users