Vulnerabilities and security research for dokan-lite
Jun 07, 2024
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2022-3915
- CVE, Research URL
- Home page URL
- Application
- Date: Dec 12, 2022
- Research Description: The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
- Affected versions: max 3.7.6.
- Status: vulnerable
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2020-36748
- CVE, Research URL
- Home page URL
- Application
- Date: Jul 01, 2023
- Research Description: The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions: max 3.0.9.
- Status: vulnerable
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2023-34382
- CVE, Research URL
- Home page URL
- Application
- Date: Dec 20, 2023
- Research Description: Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.
- Affected versions: max 3.7.20.
- Status: vulnerable
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2022-3194
- CVE, Research URL
- Home page URL
- Application
- Date: Jan 16, 2024
- Research Description: The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
- Affected versions: max 3.6.6.
- Status: vulnerable
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # bb2edab103d44b4649118b1f5c0304ff9cfa61cf
- CVE, Research URL
- Home page URL
- Application
- Date: Mar 01, 2021
- Research Description: Dokan – Powerful WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy [dokan-lite] < 3.2.1. WordPress Dokan plugin <= 3.2.0 - Cross-Site Request Forgery (CSRF) vulnerability. Cross-Site Request Forgery (CSRF) vulnerability found by NintechNet in WordPress Dokan plugin (versions <= 3.2.0).
- Affected versions: max 3.2.1.
- Status: vulnerable
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2023-26525
- CVE, Research URL
- Home page URL
- Application
- Date: Dec 20, 2023
- Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12.
- Affected versions: max 3.7.13.
- Status: vulnerable
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2021-4342
- CVE, Research URL
- Home page URL
- Application
- Date: Jun 07, 2023
- Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
- Affected versions: max 3.7.20.
- Status: vulnerable
Nov 10, 2025
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy # CVE-2025-53425
- CVE, Research URL
- Home page URL
- Application
- Date: Oct 22, 2025
- Research Description: Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation. This issue affects Dokan: from n/a through <= 4.1.2.
- Affected versions: max 4.1.2.
- Status: vulnerable