Vulnerabilities > Wedevs > Dokan > 3.6.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-3194 Cross-site Scripting vulnerability in Wedevs Dokan
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
network
low complexity
wedevs CWE-79
5.4
2023-12-20 CVE-2023-26525 SQL Injection vulnerability in Wedevs Dokan
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12.
network
low complexity
wedevs CWE-89
8.1
2023-12-19 CVE-2023-34382 Deserialization of Untrusted Data vulnerability in Wedevs Dokan
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.
network
low complexity
wedevs CWE-502
8.8
2022-12-12 CVE-2022-3915 Unspecified vulnerability in Wedevs Dokan
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
network
low complexity
wedevs
critical
9.8