cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3922,https://securityvulnerability.io/vulnerability/CVE-2024-3922,SQL Injection Vulnerability in Dokan Pro Plugin Affects Sensitive Data,"The Dokan Pro plugin for WordPress has a vulnerability that allows SQL injection through the 'code' parameter. This exploit arises from inadequate escaping mechanisms on user-supplied parameters and insufficient preparation of existing SQL queries. Unauthenticated attackers can inject additional SQL commands, which can enable them to manipulate database queries. This vulnerability underscores the importance of implementing secure coding practices in WordPress plugin development to protect sensitive data.",Wordpress,Dokan Pro,9.8,CRITICAL,0.008340000174939632,false,,false,false,false,,false,false,2024-06-13T02:05:22.878Z,0
CVE-2022-3194,https://securityvulnerability.io/vulnerability/CVE-2022-3194,Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting,"The Dokan WordPress plugin, in versions before 3.6.4, is susceptible to a flaw that allows vendors to inject arbitrary JavaScript into product reviews. This vulnerability can be exploited to execute stored cross-site scripting (XSS) attacks targeting other users, including site administrators. Such attacks can lead to unauthorized actions and data exposure, undermining the security and integrity of websites utilizing this plugin. It is crucial for website administrators to update their Dokan plugin to mitigate potential risks associated with this vulnerability.",Wordpress,Dokan,5.4,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-16T15:53:36.500Z,0
CVE-2020-36748,https://securityvulnerability.io/vulnerability/CVE-2020-36748,Cross-Site Request Forgery in Dokan Plugin for WordPress,"The Dokan plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the handle_order_export() function. This flaw allows unauthenticated attackers to manipulate order exports by tricking a site administrator into executing an unintended action, such as clicking a malicious link, thereby exposing sensitive order information.",Wordpress,"Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, Ebay, Etsy",4.3,MEDIUM,0.001879999996162951,false,,false,false,false,,false,false,2023-07-01T05:33:28.668Z,0
CVE-2022-3915,https://securityvulnerability.io/vulnerability/CVE-2022-3915,Dokan < 3.7.6 - Unauthenticated SQLi,"The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users",Wordpress,Dokan,9.8,CRITICAL,0.00267999991774559,false,,false,false,false,,false,false,2022-12-12T17:54:43.952Z,0