Vulnerabilities > Wedevs > Dokan > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-3194 Cross-site Scripting vulnerability in Wedevs Dokan
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
network
low complexity
wedevs CWE-79
5.4
2023-07-01 CVE-2020-36748 Unspecified vulnerability in Wedevs Dokan
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8.
network
low complexity
wedevs
4.3