
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jun 2023 — Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. • https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-19-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Mar 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. • https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-12-authenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Nov 2022 — The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. The Dokan plugin for WordPress is vulnerable to SQL Injection via the ‘user_ids’ parameter in versions up to,... • https://wpscan.com/vulnerability/fd416d99-1970-418f-81f5-8438490d4479 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

13 Sep 2022 — The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users such as site administrators. The Dokan plugin for WordPress is vulnerable to Stored Cross-Site Sc... • https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

16 Sep 2020 — The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

07 Jan 2019 — Dokan versions between 1.0.0.5000 and 1.2.0.1000 are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update. • https://www.exploit-db.com/exploits/46155 • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write