Dokan Pro WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Data Exposure

Vulnerability

The Dokan Pro plugin for WordPress, in all versions through 4.1.3, lacks proper capability checks on the '/dokan/v1/wholesale/register' REST API endpoint. By supplying a user ID to this endpoint, unauthenticated attackers can enumerate users and retrieve their email addresses, along with additional details such as usernames, display names, user roles, and registration dates.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including email addresses and other personal details, potentially facilitating further attacks or abuse.

Remediation

Users are advised to update the Dokan Pro plugin to version 4.2.0 or later.
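
To review whether the endpoint was probed before the update, the following added example (not part of the advisory or of the plugin's code) counts requests per client address to the route named above in a web server access log. It assumes Combined Log Format, matches both the /wp-json/ and ?rest_route= forms of a WordPress REST URL, and uses a hypothetical threshold of 5; the sample log lines, addresses and request method are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# REST route named in the advisory.
ROUTE = "/dokan/v1/wholesale/register"

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) ')

def rest_route(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:                      # pretty permalinks
        return "/" + path.split("/wp-json/", 1)[1].strip("/").lower()
    values = parse_qs(parts.query).get("rest_route")
    if values:                                   # plain permalinks
        return "/" + values[0].strip("/").lower()
    return None

def enumeration_suspects(lines, threshold=5):
    """Map client IP -> hits, for IPs with >= threshold requests to ROUTE."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and rest_route(m["target"]) == ROUTE:
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log (documentation address ranges, assumed POST method).
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2026:10:00:0{i} +0000] '
    '"POST /wp-json/dokan/v1/wholesale/register HTTP/1.1" 200 312'
    for i in range(5)
] + [
    '203.0.113.7 - - [01/Jan/2026:10:00:06 +0000] '
    '"POST /?rest_route=%2Fdokan%2Fv1%2Fwholesale%2Fregister HTTP/1.1" 200 310',
    '198.51.100.20 - - [01/Jan/2026:10:05:00 +0000] '
    '"POST /wp-json/dokan/v1/wholesale/register HTTP/1.1" 200 298',
    '198.51.100.20 - - [01/Jan/2026:10:05:02 +0000] '
    '"GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, count in enumeration_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {count} requests to {ROUTE}")
```

A single request from one address can be an ordinary wholesale registration; repeated requests from the same address in a short window are the pattern worth following up.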

Added: Dec 16, 2025, 6:18 AM
Updated: Dec 16, 2025, 3:15 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.