GCVE - cpe:2.3:a:wedevs:dokan_–_best_woocommerce_multivendor_marketplace_solution_–_build_your_own_amazon,_ebay,

Approved changes feed: RSS · Atom

cpe:2.3:a:wedevs:dokan_–_best_woocommerce_multivendor_marketplace_solution_–_build_your_own_amazon,_ebay,_etsy:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wedevs (`74af2ef9-c755-5b07-93a2-5a3afa051904`)
Product	Dokan – Best Woocommerce Multivendor Marketplace Solution – Build Your Own Amazon, Ebay, Etsy (`1683f7c3-abfe-527c-b972-9857a2e82e9a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-34382`	vulnerable	2026-06-03 14:52:16.603003	WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection MEDIUM (4.4) Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. Published: 2023-12-19T19:40:58.498Z Updated: 2026-04-28T16:08:29.173Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-19-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-26525`	vulnerable	2026-06-03 14:50:59.904798	WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection HIGH (7.1) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. Published: 2023-12-20T17:27:23.278Z Updated: 2026-04-28T16:08:12.537Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-12-authenticated-sql-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36748`	vulnerable	2026-06-03 14:42:39.884076	Dokan <= 3.0.8 - Cross-Site Request Forgery Bypass MEDIUM (4.3) The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-07-01T05:33:28.668Z Updated: 2026-04-08T17:05:27.175Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/894c875a-078f-4c1f-83d2-4a6e4a309c3e?source=cve https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Dokan – Best Woocommerce Multivendor Marketplace Solution – Build Your Own Amazon, Ebay, Etsy

PURL mappings

Vulnerability references

Contribute