Dokan Authentication Bypass Vulnerability in WordPress Plugin

Vulnerability

An authentication bypass vulnerability has been identified in the Dokan Lite WordPress plugin, affecting versions through 4.2.4. An attacker who exploits it can circumvent authentication mechanisms, potentially gaining unauthorized access or privileges on affected websites.

Impact

Exploitation of this vulnerability could let users with lower privileges perform unauthorized actions, potentially allowing them to gain administrative access to the website.

Remediation

Users of the Dokan Lite WordPress plugin should update to version 4.2.5 or later. Patchstack users can enable auto-update for vulnerable plugins.
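
To find installs that still need the update, the following added example (not code from the advisory or from the Dokan project) reads the installed plugin's version header and compares it with the affected range. It assumes the plugin lives in wp-content/plugins/dokan-lite and carries a standard WordPress "Version:" header; the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag Dokan Lite installs inside the advisory's affected range.
# Assumptions (not from the advisory): plugin directory "dokan-lite" and a
# standard "Version:" plugin header in one of its top-level PHP files.
LAST_AFFECTED="4.2.4"   # advisory: affects versions through 4.2.4
FIXED="4.2.5"           # advisory: update to 4.2.5 or later

# version_le A B: succeed when A <= B, comparing dotted fields numerically
# (so 4.10.0 > 4.2.4). Suffixes such as "-beta" are ignored.
version_le() {
    a=${1%%[!0-9.]*} b=${2%%[!0-9.]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # a missing field counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0                           # all fields equal
}

# plugin_version DIR: print the first "Version:" header value in DIR/*.php.
plugin_version() {
    grep -h -i -E '^[[:space:]*#@/]*Version:' "$1"/*.php 2>/dev/null |
        head -n 1 | tr -d '\r' |
        sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//'
}

# check_site WP_ROOT: print a verdict.
# Returns 0 = absent or fixed, 1 = affected version, 2 = version unreadable.
check_site() {
    dir="$1/wp-content/plugins/dokan-lite"
    [ -d "$dir" ] || { echo "absent"; return 0; }
    v=$(plugin_version "$dir")
    [ -n "$v" ] || { echo "unknown"; return 2; }
    if version_le "$v" "$LAST_AFFECTED"; then
        echo "vulnerable $v (update to $FIXED or later)"; return 1
    fi
    echo "ok $v"; return 0
}

# Usage: sh check-dokan.sh /var/www/site1 /var/www/site2
for root in "$@"; do
    printf '%s: ' "$root"; check_site "$root" || true
done
```

A deactivated plugin is still reported, since its files remain on disk until it is updated or removed.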

Added: Mar 25, 2026, 9:14 PM
Updated: Mar 25, 2026, 9:14 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 5.4
remediation: 7.9
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.