Approved changes feed: RSS · Atom
cpe:2.3:a:wedevs:dokan:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Wedevs (74af2ef9-c755-5b07-93a2-5a3afa051904) |
|---|---|
| Product | Dokan (97d9df96-4812-5a08-a073-4e58a6b20442) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-34382 |
vulnerable | 2026-06-03 14:52:16.603595 |
WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection
MEDIUM (4.4)
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.
Published: 2023-12-19T19:40:58.498Z
Updated: 2026-04-28T16:08:29.173Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-26525 |
vulnerable | 2026-06-03 14:50:59.905748 |
WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection
HIGH (7.1)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12.
Published: 2023-12-20T17:27:23.278Z
Updated: 2026-04-28T16:08:12.537Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3915 |
vulnerable | 2026-06-03 14:47:59.528992 |
Dokan < 3.7.6 - Unauthenticated SQLi
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Published: 2022-12-12T17:54:43.952Z
Updated: 2025-04-22T14:58:27.755Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3194 |
vulnerable | 2026-06-03 14:47:52.464107 |
Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
Published: 2024-01-16T15:53:36.500Z
Updated: 2025-06-02T15:10:22.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36748 |
vulnerable | 2026-06-03 14:42:39.880502 |
Dokan <= 3.0.8 - Cross-Site Request Forgery Bypass
MEDIUM (4.3)
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-07-01T05:33:28.668Z
Updated: 2026-04-08T17:05:27.175Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.