Wedevs Dokan
By the Year
In 2024 there have been 1 vulnerability in Wedevs Dokan with an average score of 5.4 out of ten. Last year Dokan had 4 security vulnerabilities published. Right now, Dokan is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 1.67
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 5.40 |
| 2023 | 4 | 7.07 |
| 2022 | 1 | 9.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Dokan vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Wedevs Dokan Security Vulnerabilities
The Dokan WordPress plugin before 3.6.4
CVE-2022-3194
5.4 - Medium
- January 16, 2024
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
XSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy.This issue affects Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy:
CVE-2023-26525
8.1 - High
- December 20, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy.This issue affects Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12.
SQL Injection
Deserialization of Untrusted Data vulnerability in weDevs Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy.This issue affects Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy:
CVE-2023-34382
8.8 - High
- December 19, 2023
Deserialization of Untrusted Data vulnerability in weDevs Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy.This issue affects Dokan Best WooCommerce Multivendor Marketplace Solution Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.
Marshaling, Unmarshaling
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8
CVE-2020-36748
4.3 - Medium
- July 01, 2023
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement
CVE-2022-3915
9.8 - Critical
- December 12, 2022
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Wedevs Dokan or by Wedevs? Click the Watch button to subscribe.
