Vulnerabilities > Wedevs > Dokan > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2022-3194 | Cross-site Scripting vulnerability in Wedevs Dokan The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. | 5.4 |
2023-07-01 | CVE-2020-36748 | Unspecified vulnerability in Wedevs Dokan The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. | 4.3 |