cleantalk
Vulnerabilities and Security Researches

Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy, CVE-2020-36748

CVE, Research URL

CVE-2020-36748

Home page URL

Security reports for Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy

Application

Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy

Published on
Jul 01, 2023
Research Description
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 3.0.9.
Status
vulnerable
Previous vulnerability researches
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy (CVE-2025-53425) , Nov 10, 2025
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy (CVE-2022-3915) , Jun 07, 2024
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy (CVE-2020-36748) , Jun 07, 2024
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy (CVE-2023-34382) , Jun 07, 2024
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy (CVE-2022-3194) , Jun 07, 2024
New vulnerability
WP Statistics (CVE-2025-9816) , Nov 10, 2025
GenerateBlocks (CVE-2025-11879) , Nov 10, 2025
Schema & Structured Data for WP & AMP (CVE-2025-11502) , Nov 10, 2025
OOPSpam Anti-Spam (CVE-2025-12094) , Nov 10, 2025
Playerzbr (CVE-2025-11825) , Nov 10, 2025